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4. 



5.H5 



6.™ 



Fee Transmittal Form (PTO/SB/56) 

Applicant claims small entity status. See CFR 37 1.27. 

Specification and Claims in double column copy of patent 
format (amended, if appropriate) 

Drawing(s) (proposed amendments, if appropriate) 

[>3 Transfer drawings from original patent file 

Reissue Oath/Declaration (original or copy) 
(37 C.F.R. § 1.175) (PTO/SB/51 or 52) 

inal U.S. Patent currently assigned 

[g] Yes □ No 

Written Consent of all Assignees (PTO/SB/53) 

37 C.F.R. § 3.73(b) Statement (PTO/SB/96) 

Power of Attorney 



7. ^ Statement of Status/Support for all changes to the 

claims embedded in the remarks of the preliminary 
amendment See 37 CFR 1.173(c). 

8. □ Original U.S. Patent for Surrender 

Q Ribboned Original Patent Grant 
□ Statement of Loss (PTO/SB/55) 

9. □ Foreign Priority Claim (35 U.S.C. 1 19) if applicable 

10. [g) Information Disclosure Statement (IDS)/PTO-1449 

(g| Copies of IDS Citations 

11. Q English Translation of Reissue Oath/Declaration 

12. ^ Preliminary Amendment 
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Patent: 5,848,159 



Claims as Filed - Part 1 



Claims in Patent 



Number filed in 
Reissue Application 



(3) 

Number Extra 



Small Entity 



Rate 



Fee 



Other than Small Entity 



Rate 



Fee 



(A) 13 



Total Claims 
(37 CFR 1.16(])) 



(B) 61 



48 



x$ 



xS 18.00 



$864.00 



(C) 8 



Independent Claims 
(37CFR 1.16(i)) 



(D) 20 



12 



x$_ 



x$ 80.00 



$960.00 



Basic Fee (37 CFR 1.16(h)) $71O0Q 



Total Filing Fee S2.534.00 
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Claims as Amended - Part 2 
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Claims Remaining 
After Amendment 



(2) 
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(3) 

Extra Claims 
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Small Entity 



Rate 



Fee 
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Entity 



Rate 
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If the "Highest Number of Total Claims Previously Paid For" is less than 20, write "20" in this space. 
After any cancellation of claims. 

If "A" is greater than 20, use (B-A); if "A" is 20 or less, use (B-20). 

Highest Number of Independent Claims Previously Paid For" or Number of Independent Claims in Patent (C). 



□ Applicant claims small entity status. See 37 CFR 1 .27. 

□ Please charge Deposit Account No. 02-3964 in the amount of $ . 

A duplicate copy of this sheet is enclosed for this purpose. 

[g| The Commissioner if hereby authorized to charge any additional fees under 37 CFR 1 . 1 6 or 1 . 1 7 which may be required, or 
credit any overpayments to Deposit Account No. 02-3964 . 

* A duplicate copy of this sheet is enclosed for this purpose. 

£3 A check in the amount of $ 2,664.00 . to cover the filing fee and petition fee under 1 .17(h), is enclosed. 

□ Payment by credit card. Form PTO-2038 is attached. 

WARNING: Information on this form may become public. Credit card information should not 
be included on this form. Provide credit card information and authorization on PTO-2038 
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Leah Sherry, Registration No. 43,918 
Attorney for Patentee 



SV: 108812 vOl 10/13/2000 



IN THE UNITED STATES PATENTS AND TRADEMARK OFFICE 

Applicant: COLLINS etal. Attorney Docket No.: 20206-00 14(PT-TA-4 10) 

Patent No.: 5,848,159 ' S 

Issued: December 8, 1998 w^f 

For: "PUBLIC KEY CRYPTOGRAPHIC APPARATUS AND METHOD" 3 ^ 

u 
»-> 

CERTIFICATE UNDER 37 CFR 3.73(b) 

I. Compaq Computer Corporation, a Delaware corporation, certifies that it is the assignee of the 
entire right, title, and interest in the patent application identified above by virtue of a chain of title from 
the inventors of the patent application identified above, to the current assignee as shown below: 



1 . From: Thomas Collins, Dale Hopkins, Susan Langford and Michael Sabin , * \ 

3 To: Tandem Computers Incorporated 

I :;f The document was recorded in the Patent and Trademark Office on May 7, 1997 as 

Reel and Frame # 8542/0875. 



S3 »~<11 



X A 



.is. 



?3 2. From: Tandem Computers Incorporated 
^jj;; To: Compaq Computer Corporation 

% P The document was recorded in the Patent and Trademark Office, on October 12, 2000, a 

3 s » copy of which is attached. X 

3 The undersigned is empowered to sign this certificate on behalf of the assignee. 

3S-J 



"Date: 




fr4 0CT_*O 

Theodore S. Park 
Senior Counsel, Intellectual Property 

Compaq Computer Corporation 
P.O. Box 692000 
Houston, TX 7707-2698 
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REISSUE APPLICATION BY THE INVENTOR(S), 
OFFER TO SURRENDER PATENT 



Docket Number: 20206-0 14(PT-TA-4 10) 
Patent: 5,848,159 



si: 



vo 



This is part of the application for a reissue patent based on the original patent identified below. 
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Name of Patentee(s) 



Thomas Collins, Dale Hopkins, Susan Langford, Micahel Sabin 



Patent Number 



5,848,159 



Date Patent Issued 



December 8, 1998 



Title of Invention 



PUBLIC KEY CRYPTOGRAPHIC APPARATUS AND METHOD 



I am the 

□ inventor (if only one name is listed herein) of the original patent. 
E*3 joint inventor (if plural names are listed herein) of the original patent. 
I offer to surrender the original patent. 

Filed herein is a certificate under 37 CFR 3.73(b). 
2. , 5 V □ Ownership of the patent is in the inventor(s), and no assignment of the patent has been made. 
On&dtf boxes 1 or 2 above must be checked. 

- '|bw 

The^ritten consent of all assignees owning an undivided interest in the original patent is included in this application for 
rerss&e. 



SigEferture 




Date: 




Typed or printed name: 


Thomas Collins 


•til-' 

Signature 




Date: 




Typed or printed name: 


Dale Hopkins 


Signature 




Date: 




Typed or printed name: 


Susan Langford 


Signature 




Date: 




Typed or printed name: 


Michael Sabin 


The assignee owning an undivided interest in said original patent is Compaq Computer Corporation, and the assignee 
consents to the accompanying application for reissue. 
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I hereby declare that all statements made herein of my own knowledge are true and that all statements made on 
information and belief are believed to be true; and further that these statements were made with the knowledge that willful 
false statements and the like so made are punishable by fine or imprisonment, or both, under 18 U.S.C. 1001 and that suck 
willful false statements may jeopardize the validity of the application, any patent issued thereon, or any patent to which 
this declaration is directed. 



Name of Assignee 


Compaq Computer Corporation 


Signature of Person Signing 
for the Assignee 


^heodore S. Park, Senior Intellectual Property Counsel 


Type/printed name and title of 
person signing for assignee 
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CONSENT OF ASSIGNEE TO REISSUE 
APPLICATION 



Docket Number: 20206-0 14(PT-TA-41 0) 



This is part of the application for a reissue patent based on the original patent identified below. 



Name of 
Patentee(s): 



COLLINS et al. 



Patent Number: 



5,848,159 



Patent Issued 



December 8, 1998 



Title of Invention 



PUBLIC KEY CRYPTOGRAPHIC APPARATUS AND METHOD 



As an authorized agent empowered to act on behalf of Compaq Computer Corporation , the assignee of 
q the entire interest in the original patent, I hereby consent to the filing of the present application for 
j reissue of the original patent. 

|] A certificate under 37 CFR(b) is attached. 



f hereby declare that all statements made herein of my own knowledge are true and that all statements 
iaade on information and belief are believed to be true; and further that these statements were made 
^vith the knowledge that willful false statements and the like so made are punishable by fine or 
^imprisonment, or both, under 18 U.S.C. 1001 and that such willful false statements may jeopardize the 
l^galidity of the application, any patent issued thereon, or any patent to which this declaration is 
Erected. 



jjffame of Assignee 



Compaq Computer Corporation 




Signature ofPerson 
Signing for Assignee 



Printed name and title of 
person signing for assignee 



Theodore S. Park, Counsel 
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OFFER TO SURRENDER PATENT 
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Docket Number: 20206-014(PT-TA-410) 

Patent: 5,848,159 n ~ 


This is part of the application for a reissue patent based on the original patent identified below. ft vo™ 


Name of Patentee(s) 


Thomas Collins, Dale Hopkins, Susan Langford, Michael Sabin 

VO =—fM 


Patent Number 


5,848,159 


1 ~ — — 

Date Patent Issued December 8, 1998 B° 


Title of Invention 


PUBLIC KEY CRYPTOGRAPHIC APPARATUS AND METHOD 


I am the 

□ inventor (if only one name is listed herein) of the original patent. 
S joint inventor (if plural names are listed herein) of the original patent. 
I lifer to surrender the original patent. 

Wu , El Filed herein is a certificate under 37 CFR 3.73(b). 

ay 

2* j:s LI Ownership of the patent is in the inventor(s), and no assignment of the patent has been made. 
Qn^£>f boxes 1 or 2 above must be checked. 

T^d^ritten consent of all assignees owning an undivided interest in the original patent is included in this application for 
reissue. 


§igMture 




Date: 


Oct. Zd> ^kO/on 


f yp|d or printed name: 


"^' r 7 ~ 

Thomas Collins 


Signature 




Date: 


Oct . 2£> Z<DOO 


Typed or printed name: 


■ * 

Dale Hopkins 


Signature 




Date: 


Gsf. OQ, lav* 


Typed or printed name: 


Susan langford 


Signature 




Date: 




Typed or printed name: 


Michael Sabin 


The assignee owning an undivided interest in said original patent is Compaq Computer Corporation and th* assigns 
consents to the accompanying application for reissue. 



lof2 

SV/l 08792.01 
10142000/12:02/20206.14 



— ^ • # 

I hereby declare that all statements made herein of my own knowledge are true and that all statements made on 
information and belief are believed to be true; and further that these statements were made with the knowledge that willful 
false statements and the like so made are punishable by fine or imprisonment, or both, under 18 U.S.C. 1001 and that suck 
willful false statements may jeopardize the validity of the application, any patent issued thereon, or any patent to which 
this declaration is directed. 



Name of Assignee 


Compaq Computer Corporation 


Signature of Person Signing 
for the Assignee 




Type/printed name and title of 
person signing for assignee 


Theodore S. Park, Senior Intellectual Property Counsel 
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REISSUE APPLICATION BY THE INVENTOR(S), 
OFFER TO SURRENDER PATENT 



Docket Number: 20206-014(PT-TA-410) 
Patent: 5,848,159 



This is part of the application for a reissue patent based on the original patent identified below. 



Name of Patentee(s) 



Thomas Collins, Dale Hopkins, Susan Langford, Michael Sabin 



Patent Number 



5,848,159 



Date Patent Issued 



December 8, 1998 



Title of Invention 



PUBLIC KEY CRYPTOGRAPHIC APPARATUS AND METHOD 



I am the 



□ inventor (if only one name is listed herein) of the original patent. 
[3 joint inventor (if plural names are listed herein) of the original patent, 
I pjfer to surrender the original patent. 

hi ri M Filed herein is a certificate under 37 CFR 3.73(b). 

2. tj f = l LJ Ownership of the patent is in the inventor(s), and no assignment of the patent has been made. 
Oribpf boxes 1 or 2 above must be checked. 



T3ie :s \kitten consent of all assignees owning an undivided interest in the original patent is included in this application for 
reissue. 



Sgigfture 




Date: 




-~3 £S ' 5 - 

Type§. or printed name: 


Thomas Collins 


Sigikture 




Date: 




Typed or printed name: 


Dale Hopkins 


Signature 




Date: 




Typed or printed name: 


Susan Langford 


Signature 




Date: 


30 OCT ^006 


Typed or printed name: 


Michael Sabin 


The assignee owning an undivided interest in said original patent is Compaq Computer Corporation, and the assignee 
consents to the accompanying application for reissue. 
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I hereby declar^hat &1 statements made herein of my own knowledge are true and'that all statements made on 
information and belief are believed to be true; and further that these statements were made with the knowledge that willful 
false statements and the like so made are punishable by fine or imprisonment, or both, under 18 U.S.C. 1001 and that suck 
willful false statements may jeopardize the validity of the application, any patent issued thereon, or any patent to which 
this declaration is directed. 



Name of Assignee 


Compaq Computer Corporation 


Signature of Person Signing 
for the Assignee 




Type/printed name and title of 
person signing for assignee 


Theodore S. Park, Senior Intellectual Property Counsel 
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IN THE UNITED STATES PATENT AND TRADEMARK OFFICE 

Attorney Docket No. 20206-0 14(PT-TA-4 10) 
Inventors: Collins et al. 
Patent No. 5,848,159 
Issued: December 8, 1998 

For: PUBLIC KEY CRYPTOGRAPHIC 



APPARATUS AND METHOD 



CERTIFICATE OF MAILING 
I hereby certify that this paper (along with any paper referred 
to as being attached or enclosed) is being deposited with the 
United States Postal Service as Express Mail No. 
EL655031318US addressed to: Assistant Commissioner for 
Patents, Box: DAC, Washington, DC, 20231 on October 19, 
2000 , 



By: 



Assistant Commissioner for Patents 
Box: Reissue 
Washington, D.C. 20231 



REISSUE APPLICATION PRELIMINARY AMENDMENT 



Sir: 



In conjunction with the filing of a Reissue Application, please amend the specification of 
the above-mentioned U.S. Patent and consider the remarks as hereafter provided: 

In the Specification other than Claims: 

Replace the paragraph beginning at column (hereafter "col ") 7, line 4 with the 
following: 

This application claims the benefit of U.S. Provisional Application No. 
60/033,271 for PUBLIC KEY CRYTOGRAPHIC APPARATUS AND METHOD, filed 
Dec. 9, 1996, naming as inventors, Thomas [Colins] Collins , Dale Hopkins, Susan 
Langford and [Michale] Michael Sabin, the [discolsure] disclosure of which is 
incorporated by reference. 



Replace the paragraph beginning at col 1, line 64 with the following: 

The RSA scheme capitalizes on the relative ease of creating a composite number 
from the product of two prime numbers whereas the attempt to factor the composite 
number into its constituent primes is difficult. The RSA scheme uses a public key E 
comprising a pair of positive integers n and e, where n is a composite number of the form 



1 
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n=p-q (1) 

where p and q are different prime numbers, and e is a number relatively prime to (p-1) 
and (q-1); that is, e is relatively prime to (p-1) or (q-1) if e has no factors in common with 
either of them. Importantly, the sender has access to n and e, but not to p and q. The 
message M is a number representative of a message to be transmitted wherein 

0<M<n-\. (2) 

The sender enciphers M to create ciphertext C by computing the exponential 

[C=M e (mod n)\ C=M e (modn\ (3) 



Replace the paragraph beginning at col 2, line 19 with the following: 

The recipient of the ciphertext C retrieves the message M using a (private) 
decoding key D, comprising a pair of positive integers d and n, employing the relation 

[M=C d (mod n)] C= M d (mod n) (4) 

As used in (4), above, d is a multiplicative inverse of 

e(mod(lcm(07-l) 3 (^l)))) (5) 

so that 

[e^l(mod(lcm((p-l), (?-l))))] l(modflcm((p-q (t?A)))) (6) 

where lcm((p-l), (q-1)) is the least common multiple of numbers p-1 and q-1. Most 
commercial implementations of RSA employ a different, although equivalent, 
relationship for obtaining d: 

[d=e l modfc-l) (?-l)] che' 1 mod((p-iy(g-lV> - (7) 
This alternate relationship simplifies computer processing. 



Replace the paragraph beginning at col 3, line 23 with the following: 



2 



SV/107030.02 
10192000/15:19/20206.14 




Attornei 



* 



fket No.: 20206-14 (PT-TA-410) 



It is still another object of this invention to provide a system and method for 
implementing an RSA scheme in which the [components] factors of n do not increase in 
length as n increases in length. 

Replace the paragraph beginning at col 3, line 27 with the following: 

It is still another object to provide a system and method for utilizing multiple 
(more than two), distinct prime number [components] factors to create n. 

Replace the paragraph beginning at col 3, line 36 with the following: 

The present invention discloses a method and apparatus for increasing the 
computational speed of RSA and related public key schemes by focusing on a neglected 
area of computation inefficiency. Instead of n=p-q, as is universal in the prior art, the 
present invention discloses a method and apparatus wherein n is developed from three or 
more distinct random prime numbers; i.e., n=ppp2 . .pk, where k is an integer greater 
than 2 and pi, p 2 ,. . . pk are sufficiently large distinct random primes. Preferably, 
"sufficiently large primes" are prime numbers that are numbers approximately 150 digits 
long or larger. The advantages of the invention over the prior art should be immediately 
apparent to those skilled in this art. If, as in the prior art, p and q are each on the order of, 
say, 150 digits long, then n will be on the order of 300 digits long. However, three primes 
pi, P2 and p 3 employed in accordance with the present invention can each be on the order 
of 100 digits long and still result in n being 300 digits long. Finding and verifying 3 
distinct primes, each 100 digits long, requires significantly fewer computational cycles 
than finding and verifying 2 primes each 150 digits long. 

Replace the paragraph beginning at col 3, line 56 with the following: 

The commercial need for longer and longer primes shows no evidence of slowing; 
already there are projected requirements for n of about 600 digits long to forestall 
incremental improvements in factoring techniques and the ever faster computers available 
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to break ciphertext. The invention, allowing 4 primes each about 150 digits long to obtain 
a 600 digit n, instead of two primes about [350] 300 digits long, results in a marked 
improvement in computer performance. For, not only are primes that are 150 digits in 
size easier to find and verify than ones on the order of [350] 300 digits, but by applying 
techniques the inventors derive from the Chinese Remainder Theorem (CRT), public key 
cryptography calculations for encryption and decryption are completed much faster-even 
if performed serially on a single processor system. However, the inventors' techniques are 
particularly adapted to [be] advantageously apply [enable] RSA public key cryptographic 
operations to parallel computer processing. 

Replace the paragraph beginning at col 4, line 6 with the following: 

The present invention is capable of [using] extending the RSA scheme to perform 
encryption and decryption operation using a large (many digit) n much faster than 
heretofore possible. Other advantages of the invention include its employment for 
decryption without the need to revise the RSA public key encryption transformation 
scheme currently in use on thousands of large and small computers. 

Replace the paragraph beginning at col 4 t line 13 with the following: 

A key assumption of the present invention is that n, composed of 3 or more 
sufficiently large distinct prime numbers, is no easier (or not very much easier) to factor 
than the prior art, two prime number n. The assumption is based on the observation that 
there is no indication in the prior art literature that it is "easy" to factor a product 
consisting of more than two sufficiently large, distinct prime numbers. This assumption 
may be justified given the continued effort (and failure) among experts to find a way 
"easily" to break large [component] composite numbers into their large prime factors. 
This assumption is similar, in the inventors 1 view, to the assumption underlying the entire 
field of public key cryptography that factoring composite numbers made up of two 
distinct primes is not "easy." That is, the entire field of public key cryptography is based 
not on mathematical proof, but on the assumption that the empirical evidence of failed 
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sustained efforts to find a way systematically to solve NP problems in polynomial time 
indicates that these problems truly are "difficult." 



Replace the paragraph beginning at col 4, line 32 with the following: 

The invention is preferably implemented in a system that employs parallel 
operations to perform the encryption, decryption operations required by the RSA scheme. 
Thus, there is also disclosed a cryptosystem that includes a central processor unit (CPU) 
coupled to a number of exponentiator elements. The exponentiator elements are special 
purpose arithmetic units designed and structured to be provided message data M, an 
encryption key e, and a number n (where [n=pi *p2 * . . . pj n = p \ pr- . . . pir , k being 
greater than 2) and return ciphertext C according to the relationship, 

[C=M e (mod(n))] C=M e (mod n) . 

Replace the paragraph beginning at col 4, line 45 with the following: 

Alternatively, the exponentiator elements may be provided the ciphertext C, a 
decryption (private) key d and n to return M according to the relationship, 

[M=C d (mod(n))] M=C d (mod n) 

Replace the paragraph beginning at col 4 y line 50 with the following: 

According to this decryption aspect of the invention, the CPU receives a task, 
such as the requirement to decrypt [cyphertext] ciphertext data C. The CPU will also be 
provided, or have available, a [public] private key [e] d and n, and the factors of n (pi, p2, 
. . . p*). The CPU breaks the [encryption] decryption task down into a number of sub- 
tasks, and delivers the sub-tasks to the exponentiator elements. [When the] The results of 
the sub-tasks are returned by the exponentiator elements to the CPU which [will], using a 
form of the CRT, combines the results to obtain the message data M. An encryption task 
may be performed essentially in the same manner by the CPU and its use of the 
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exponentiator elements. However, usually the factors of n are not available to the sender 
(encryptor), only the public key, e and n, so that no sub-tasks are created. 

Before the paragraph beginning at col 5, line 52, insert the following paragraph: 

Alternatively, a message data M can be encoded with the private key to a signed 
message data M. using a relationship of the form 

M s =M d (modn), 

The message data M can be reproduce from the signed message data Ms by decoding the 
signed data with the public key, using a relationship of the form 

M = M/(mod«). 



Replace the paragraph beginning at col 5, line 30 with the following: 

According to the present invention, the public key portion e is picked. Then, three 
or more random large, distinct prime numbers, pi, P2, . . - , Pk are developed and checked 
to ensure that each ( pi-1) is relatively prime to e. Preferably, the prime numbers are of 
equal length. Then, the product [n=pi, p2, . . . , pjj n= pvpi- . . . pv is computed. 

Replace the paragraph beginning at col 5 S line 36 with the following: 

Finally, the decryption [key] exponent , d, is established by the relationship: 

[che 1 mod ((pi -1) (p 2 -1) . . . (pk -1))] d= e l mod ((p L -IVfo, -IV . . An* - 
1)V or equivalently 

<fe e x mod (lcmffp i -IV (d z -IV ..Ad* -lffl 
Replace the paragraph beginning at col 5, line 41 with the following: 
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The message data, M is encrypted to ciphertext C using the relationship of (3), 
above, i.e., 

[C=M e mod n.] C=M e (mod n) 

Replace the paragraph beginning at col 5, line 46 with the following: 

To decrypt the ciphertext, C, the relationship of [(3)] (4), above, is used: 
[M=C d mod n] M=C d (mod ri) 
where n and d are those values identified above. 

Replace the paragraph beginning at col 5, line 52 with the following: 

Using the present invention involving three primes to develop the product n, RSA 
encryption and decryption time can be substantially less than an RSA scheme using two 
primes by dividing the encryption or decryption task into sub-tasks, one sub-task for each 
distinct prime. (However, breaking the encryption or decryption into subtasks requires 
knowledge of the factors of n. This knowledge is not usually available to anyone except 
the owner of the key, so the encryption process can be accelerated only in special cases, 
such as encryption for local storage. A system encrypting data for another user performs 
the encryption process according to (3), independent of the number of factors of n. 
Decryption, on the other hand, is performed by the owner of a key, so the factors of n are 
generally known and can be used to accelerate the process.) For example, assume that 
three distinct primes, pi, p2, and p3, are used to develop the product n. Thus, decryption of 
the ciphertext, C, using the relationship 



[M=C d (mod ri)] M=C d (mod ri) 



is used to develop the decryption sub-tasks: 



[M x =Ci dl mod pi] M L = C L dl fmod p L ) 
[M 2 =C 2 dl mod p 2 ] M2 =C z d2 (mod v z ) 
[M 3 =C 3 d3 mod p 3 ] M ± = C/ 3 (mod v^ ) 
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where 



[C\ =Cmod pu] C\ j= C (mod p \): 
[C 2 =Cmod p 2 ;] Cy = C (mod 
[C3 =Cmod P3 ;] Cj _= C (mod pV ); 
[d\ =dmod (p\ -1)] di= d (mod (p^ A)): 
[di =dmod (p 2 -1)] ^=^(modfp2"D) ; and 
[g?3 =fi&nod (/?3 -1)] tA-^^niod(p2-l)) . 



Replace the paragraph beginning at col 5, /frie 24 with the following: 

The results of each sub-task, Mi, M 2? and M3 can be combined to produce the 
plaintext, M, by a number of techniques. However, it is found that they can most 
expeditiously be combined by a form of the Chinese Remainder Theorem (CRT) using, 
preferably, a recursive scheme. Generally, the plaintext M is obtained from the 
combination of the individual sub-tasks by the following relationship: 

1 1 = r H -HW; -ru) (w{ 1 (mod pfi) (mod pd)- w L (mod n) [Y t =Y iA +[(M, -Y h 
1) (wf x mod pi)mod pi\-Wi mod n] 

where [i >2] 2< i <k where k is the number of prime factors of n, and 
M=Y h Y x =C h andwrY[ Pj 



Encryption is performed in much the same manner as that used to obtain the plaintext M, 
provided (as noted above) the factors of n are available. Thus, the relationship 



[OAf* (mod n)] C=M e (mod n\ 



can be broken down into the three sub-tasks, L 



[Ci=Mi fil mod/>i] C, = M/' 



(mod;?,), 
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[C 2 =M 2 e2 mod p 2 ] C 2 = M 2 e * (mod p 2 ) _and 
[C 3 =M 3 e3 mod Ps \ C 3 = (mod /> 3 ) a 

[M\ =M(mo& pi)] Mi = M (mod p\\ 
[M2 =M(mod pi)] Mi_ = M (mod p?^ 
[M3 =M(mod 773)] M^^Mfmod Eh J, 
[^i =emod (pi -1)] e 1 = e mod (p ± -1\ 
[e 2 =emod (P2 -1)] = g mod fp? "1^ and 
(>3 =emod (p3 -1)] gq = gmod(p2-l). 
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Replace the paragraph beginning at col 6 y line 65 with the following: 

In generalized form, the ciphertext C (i.e., [decrypted] encrypted message M] can 
be obtained by [the same summation] a recursive scheme as identified above to obtain the 
ciphertext C from its contiguous constituent sub-tasks C,. 



Replace the paragraph beginning at col 7, line 1 with the following: 

Preferably, the recursive CRT method described above is used to obtain either the 
ciphertext[ ? ] C[J or the deciphered plaintext (message) M due to its speed. However, 
there may be [occasions] implementations when it is beneficial to use a non-recursive 
technique in which case the following relationships are used: 

k k 

M= V M« (w\ l (mod pi))- w\ (mod n) [M = £ Mi (w}~ ] mod pi) Wj mod 

n] 

where 
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[Wi = Yl PA ^ 



n ^ 



k is the number (3 or more) of distinct primes chosen to develop the product n. 

Replace the paragraph beginning at col 7, line 1 7 with the following: 

Thus, for example above (k=3), M is constructed from the returned sub-task 
values Mi, M2, M3 by the relationship 



Replace the paragraph beginning at col 7 y line 52 with the following: 

The I/O bus 30 communicatively connects the CPU to a number of exponentiator 
elements [32 a , 32t>, and 32r] 32a. 32b and 32c . Shown here are three exponentiator 
elements, although as illustrated by the "other" exponentiators [32 n ]32n, additional 
exponentiator elements can be added. Each exponentiator element is a state machine 
controlled arithmetic circuit structured specifically to implement the relationship 
described above. Thus, for example, the exponentiator 32a would be provided the values 
Mi, ei, and pi[, n] to develop C\. Similarly, the exponentiator circuits 32b and 32c 
develop C 2 and C3 from corresponding subtask values M2, e2, [P2]£>2 5 M3, and [P3]g3. 

Replace the paragraph beginning at col 8, line 1 with the following: 



[M=M\ (w\ mod p\) w\ mo&ln+Mi (wi mod pi) w 2 mod n + 



M3 (w3~ mod pi) W3 mod n] M= MAwj (mod pj)\ w± (mod ri) 



+ Mr (wi (mod pi))- wi (mod n) 



+ Mi (wj (mod pii)- w>\ (mod n) 



where 



wi =P2 P3, =P\ P3, and w 3 =pi pi. 



V 
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In order to ensure a secure environment, it is preferable that the cryptosystem 10 
meet the Federal Information [Protection System] Processing Standard (FIPS) 140-1 level 
3. Accordingly, the elements that make up the CPU 14 would be implemented in a design 
that will be secure from external probing of the circuit. However, information 
communicated on the I/O bus 30 between the CPU 14 and the exponentiator circuits 32 
(and external memory 34~if present) is exposed. Consequently, to maintain the security 
of that information, it is first encrypted by the DES unit 24 before it is placed on the I/O 
bus 30 by the CPU 14. The exponentiator circuits 32, as well as the external memory 34, 
will also include similar DES units to decrypt information received from the CPU, and 
later to encrypt information returned to the CPU 14. 



Replace the paragraph beginning at col. 8, line 52 with the following: 

In similar fashion, information is conveyed to or retrieved from the exponentiators 
32 by the processor 20 by write or read operations at addresses within the address range 
44. Consequently, writes to the exponentiators 32 will use the DES unit 24 to encrypt the 
information. When that (encrypted) information is received by the exponentiators 32, it is 
decrypted by on-board DES units (of each exponentiator 32). The result[s] of the task 
performed by the exponentiator 32 is then encrypted by the exponentiator's on-board 
DES unit, retrieved by the processor 20 in encrypted form and then decrypted by the DES 
unit 24. 



Replace the paragraph beginning at col. 9, line 24 with the following: 

Assume, for the purpose of the remainder of this discussion, that the 
encryption/decryption tasks performed by the cryptosystem 10, using the present 
invention, employs only three distinct primes, pi, p 2 , P3- The processor 20 will develop 
the sub tasks identified above, using M, e, pi p 2 , P3 Thus, for example, if the 
exponentiator 32a were assigned the sub-task of developing d, the processor would 
develop the values Mi [J and ei[, and (pi -1)] and deliver [units] (write) these values, with 
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[n]pi, to the exponentiator 32a. Similar values will be developed by the processor 20 for 
the sub-tasks that will be delivered to the exponentiators 32b and 32c. 

Replace the paragraph beginning at col. 10, line 15 with the following: 

Alternatively, the [postlhost-svstem 50 may desire to deliver, via the 
communication medium 60, an encrypted communication to one of the stations 64. If the 
communication is to be encrypted by the DES scheme, with the DES key encrypted by 
the RSA scheme, the host system would encrypt the communication, forward the DES 
key to one of the cryptosystems 10 for encryption via the RSA scheme. When the 
encrypted DES key is received back from the cryptosystem 10, the host system can then 
deliver to one or more of the stations 64 the encrypted message. 

Replace the paragraph beginning at col. 10, line 25 with the following: 

Of course, the host system 50 and the stations 64 will be using the RSA scheme of 
public key encryption/decryption. Encrypted communications from the stations 64 to the 
host system 50 require that the stations 64 have access to the public key [E (E, N)] E^e, 
n) while the host system maintains the private key [D (D, N J D=(d, n) and the constituent 
primes, pi, p 2 , . . . , Pk). Conversely, for secure communication from the host system 50 to 
one or more of the stations 64, the host system would retain a public key E' for each 
station 64, while the stations retain the corresponding private keys [E] D\ 

Replace the paragraph beginning at col. 10, line 35 with the following: 

Other techniques for encrypting the communication could used. For example, the 
communication could be entirely encrypted by the RSA scheme. If, however, the 
message to be communicatedfion] is represented bv a nume rical value greater than n-1, it 
will need to be broken up into blocks size M where 



[0<M <N-1] 0<M<n-\. 
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In the Claims 



Amend claims 7-73 (following the format of the claims as presented herein, including 
insertion of new lines and indentations where applicable), and add new claims 14-61 as follows: 



1 . (Amended) A method [for establishing] of processing a message for use in cryptographic 
communications comprising the steps of: 

developing a composite number, n. as a product of pvuv. . . . ^ where k is an integer greater 
than 2, and pu p? p^ are distinct random prime numbers; and 

encoding a plaintext message word signal M to a ciphertext word signal C, where M corresponds 
to a number representative of [a] the message and 

0<M<n-\ x 

[n being a composite number formed from the product of prp2-. • - -'Pk where k is an 
integer greater than 2, pi, p 2 , . . . pk are distinct prime numbers, and] where C is a number 
representative of an encoded form of the plaintext message word signal M such that 

Gs M e (mod n\ and [, wherein said encoding step comprises the step of: 

transforming said message word signal M to said ciphertext word signal C whereby 

C=M e (mod n)] 

where e is a number relatively prime to (pi -l)*(p2 -l >...-(pv-lV 

2. (Amended) The method according to claim 1 , comprising the further step of: 

establishing a number, d. as a multiplicative inverse of 

e(modncmf(p2 -1), (p? -1) (pv -1)))): and 

decoding the ciphertext word signal C to the plaintext message word signal M[, wherein said 
decoding step comprises the step of: transforming said ciphertext word signal C] 
where[by:] 

[M=C d (mod n)] M^C^mod n) 
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[where d is a multiplicative inverse of e(mod(lcm((pi -1), (p2 -1 ),..., (pk - 1 ))))]- 



3. (Amended) A method [for transferring] of processing a message signal Mi for use in a 
communications system having j terminals, [wherein] each terminal [is] being characterized by 
an encoding key Ei =(ei, nj) and decoding key Dj =(dj, nO, where i=l, 2, . . . , j, and [wherein] the 
message signal Mi [corresponds] corresponding to a number representative of a message-to-be- 
transmitted from the i th terminal, the method comprising the steps of: 

computing n; where n* is a composite number of the form 

[nj =Pi,i -pi^ . . . ,-pyJ n j ^P m 'P\ l ' 'P j± 

where k is an integer greater than 2, 

Ri> Pi,2, • - - , Pi,k are distinct random prime numbers, 

ei is relatively prime to [lcm(pj,i -1, pi,2 -1, Pi,k -1)] lcmfo n -1, /ft? -h... p \ k-l\ and 

di is selected from the group consisting of the class of numbers equivalent to a 
multiplicative inverse of 

e\ (mod(lcm((p u -1), (p w -1), . . . , (p\jt -l))))l[, 

comprising the step of:] 

encoding a digital message word signal [Ma]Mi for transmission from a first terminal (i=l[A]) to 
a second terminal (i=2[B]), said encoding step including the sub-step of: 

transforming said message word signal [Ma]Mi to one or more message block word signals 
[Ma m ]Mj/ ! , each block word signal [Ma"]Mi" corresponding to a number representative 
of a portion of said message word signal [Ma]Mi m ^ e ran B e O^Ma" <n?-l [0< M A " <nB 

transforming each of said message block word signals [Ma"]Mi " to a ciphertext word signal [Ca, 
Ca corresponding] Cj_ that corresponds to a number representative of an encoded form of 
said message block word signal [M A M ]Mi M [ 5 ] where[by:] 

[C A =M A " eB (mod n B )]C = M x (mod« 2 ) . 
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4. (Amended) A cryptographic communications system comprising: 

a communication [medium] channel adapted for transmitting a ciphertext word signal C that 
relates to a transmit message word signal M : 

[an ]encoding means coupled to said channel and adapted for transforming [a] the transmit 
message word signal M to [a] the ciphertext word signal C using a composite number, n, 
where n is a product of the form 

n=v vv v 

k is an integer greater than 2, and 

pu p9 Pjr are distinct random prime numbers [and for transmitting C on said channel], 

where the transmit message word signal M corresponds to a number representative of a 
message and 

0< M < n-1 [where n is a composite number of the form 

n=p v pr 'Pk 

where k is an integer greater than 2 and pi, p 2 , . . . , pk are distinct prime numbers, and] 

where the ciphertext word signal C corresponds to a number representative of an 
[enciphered] encoded form of said message through a relationship of the form ["and corresponds 



where e is a number relatively prime to lcm(pl -1, p2 -1, . . . , pk -1); and 

[a ]decoding means coupled to said channel and adapted for receiving the ciphertext word signal 
C from said channel and for transforming the ciphertext word signal C to a receive 
message word signal M f where M' corresponds to a number representative of a 
[deciphered] decoded form of the ciphertext word signal C [and corresponds to] through 
a relationship of the form 



to] 



C=M e (mod n) , and 



A/=C rf (mod n) 



15 



SV/107030.02 
10192000/15:19/20206.14 



Attomcj^^l 



ketNo.: 20206-14 (PT-TA-410) 



where d is selected from the group consisting of [the] a class of numbers equivalent to a 
multiplicative inverse of 

e(modflcm(<pi -1), (p 2 -1), .1)))). 



5. (Amended) A cryptographic communications system having a plurality of terminals coupled 
by a communications channel, [including] comprising: 

a first terminal of the plurality of terminals characterized by an [associated] encoding key 
E A KeA, n A ) and a decoding key D A =(d A , n A ), 

( 

where[in] n A is a composite number of the form 

**A =J>AJ'PA,2 • ■ pA,k 

where j 

k is an integer greater than 2, 

Pa,i, Pa,2> ♦ . . » Pa,ic are distinct random prime numbers, 

eA is relatively prime to 

IcmipAj -h Pa,2 -1, . • • , PA,k -1), and 

d A is selected from the group consisting of the class of numbers equivalent to a 
multiplicative inverse of 

e A (mod(lcm((/?A,i -1), (Pa,i -1), . . . , (p A)k A)))) : and [,] 

[and including ]a second terminal of the plurality of terminals having f, comprising:] 

blocking means for transforming a first message a [-to-be-transmitted] which is to be 

transmitted on said communications channel from said second terminal to said 
first terminal^ to one or more transmit message word signals Mb, where each Mb 
corresponds to a number representative of said message in the range 

0<M B <n A -\, 

encoding means coupled to said channel and adapted for transforming each transmit 

message word signal M B to a ciphertext word signal C B that [and for transmitting 
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C B on said channel, where C B ] corresponds to a number representative of an 
[enciphered] encoded form of said first message [and corresponds to] through a 
relationship of the form 



[C B =M B eA (mod ha)] C b = M k 



(modn,), 



[wherein ]said first terminal having [comprises:] 

decoding means coupled to said channel and adapted for receiving said ciphertext word 
signals Cb from said channel and for transforming each of said ciphertext word 
signals Cb to a receive message word signal [M b ]M'b, and 

means for transforming said receive message word signal[s] [M'JM'b to said first 
message, where [M']M ! b [is] corresponds to a number representative of a 
[deciphered] decoded form of Cb [and corresponds to] through a relationship of 
\the form 



6. (Amended) The system according to claim 5 wherein said second terminal is characterized by 
an [associated] encoding key [E B =(e 5? n^lEp =(eg, tin ) and a decoding key [DB=(D 5 , d B )]DB 
=(dn. n s \ where [: <, 

] nB is a composite number of the form 
kb -J>bxPbx . . .-pB,k 



where k is an integer greater than 2, 

Pbjn pR? Pg ± [ p B,i, Pb,2 ? . . . PbjJ are distinct random prime numbers, 

es is relatively prime to 
lcm(pB,\-l 9 pB,2-h • • • Pb,*tI), and 

ds is selected from the group consisting of [the] a class of numbers equivalent to a 
multiplicative inverse of 

e B (modClcm^irl), (p B ,2 -1), . . . , (p B ,k -1)))), 



[M B '^ B da (mod via)] M\ = C B dA (modwj. 



17 



SV/107030.02 
10192000/15:19/20206.14 



# 



Attorn< 



;ketNo.: 20206-14 (PT-TA-410) 



[wherein ]said first terminal [comprises:] further having 

blocking means for transforming a second message, [-to-be-transmitted] which is to be 
transmitted on said communications channel from said first terminal to said 
second terminal, to one or more transmit message word signals Ma, where each 
Ma corresponds to a number representative of said message in the range 

[0< M A eB (mod n B )] 0<M4<nn A 

encoding means coupled to said channel and adapted for transforming each transmit 

message word signal M A to a ciphertext word signal C A and for transmitting C A 
on said channel, [ 

]where Ca corresponds to a number representative of an encoded[enciphered] 
form of said second message [and corresponds to] through a relationship of the 
form 



[wherein] said second terminal [comprises;] further having 

decoding means coupled to said channel and adapted for receiving said ciphertext word 
signals Ca from said channel and for transforming each of said ciphertext word 
signals to a receive message word signal [Ma'JMa, and 

means for transforming said receive message word signals [Ma]M'a to said message, [ 



7. (Amended) A method [for establishing] of processing a message for use in cryptographic 
communicationSi comprising the steps of: 

developing a composite number, n, as a product of at least 3 whole number factors greater than 
one, the factors being distinct random prime numbers: and 



[C A =M A eiS (mod n B )] C A = M A 



(mod^) 



]where [M f ] M'a corresponds to a number representative of a [deciphered] 
decoded form of Ca [and corresponds to] through a relationship of the form 



[M A ^C A dB (mod n B )] M\ = c/ B (modn B ) . 
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encoding a digital message word signal M to a [cipher text] ciphertext word signal C, where said 
digital message word signal M corresponds to a number representative of a message and 

0<M<n-l, 

[where n is a composite number having at least 3 whole number factors greater than one, the 
factors being distinct prime numbers, and] 

where said ciphertext word signal C corresponds to a number representative of an 
encoded form of said message [word M,] through a relationship of the form 

[wherein said encoding step comprises the step of: 

transforming said message word signal M to said ciphertext word signal C whereby] 

C= a e M e +a e .i M e ~ l +. . . +a 0 (mod n) 

where e and a^ a^i, . . . , ao are numbers. 



8. (Amended) [In the] A method according to claim 7 wherein said encoding step further 
includes the step of 

transforming said digital message word signal M to said cipertext word signal C by the 
performance of a first ordered succession of inveritble operations on M, [the 
further step of:] 

and wherein the method further comprises the step of: 

decoding said cipertext word signal C to said digital message word signal M by the performance 
of a second ordered succession of invertible operations on C, where each of the invertible 
operations of said second ordered succession is the inverse of a corresponding one of said 
first ordered succession, and where [in] the order of said invertible operations in said 
second ordered succession is reversed with respect to the order of corresponding 
invertible operations in said first ordered succession. 



9. (Amended) A communication system for [transferring] processing message signals [Mj], 
comprising: 



19 

SV/107030.02 
10192000/15:19/20206.14 



Attorm 



;ket No.: 20206-14 (PT-TA-410) 



]j terminals including first and second terminals fstations], each of the j [stations]tenninals 



being characterized by an encoding key E\ =(ej, m) and decoding key Dj =(di ? n{)[ ], where 
i=l,2, . . . j, [and wherein 

M^corresponds to a number representative of a message signal to be transmitted from the 
terminal,] each of the j terminals being adapted to transmit a particular one of the 
message signals where an I th terminal corresponds to an \ th message signal M u and 

0<M<W;-1, 

ni [is] being a composite number of the form 
[Hi =piupi,2 *• • • Pi,k] rii =pu-pn ■ • tV \ l 
where 

k is an integer greater than 2, 
Pu» P/,2> • • . Pa are distinct random prime numbers, 
ej is relatively prime to 
lcm(p u -l,p;,2-l ? . . • and 

di is selected from the group consisting of the class of numbers equivalent 

to a multiplicative inverse of 

e t (mod(lcm((p u -1), (p it2 -1), . . . , (Pu -1)))); 

said fal first terminal [one of the j terminals] including 

means for encoding a digital message word signal [Ma] Mi [for transmission] to be 
transmitted from said first terminal (i=I[A]) to [a]said second terminal [one of the j terminals] 
(i=2[B]) ? said encoding means [for] transforming said digital message word signal [M A ]Mi to a 
signed message word signal [Mas] M k using a relationship of the form [,Mi s corresponding to a 
number representative of an encoded form of said message word signal M A , 



whereby:] 



[Mas =M A dA (mod ha)]M, s e M* x (mod*,) . 
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1 0. (Amended) The communication system of claim 9 further comprising: 

means for transmitting said fsignall signed message word signal [Mas] Mis from said first 
terminal to said second terminal, [and wherein] 

said second terminal [includes] including 

means for decoding said signed message word signal [Mas] Mis to said digital message 

word signal [M A ,] Mi using a relationship of the form [said second terminal 
including:] 

M x =M { J l (mod^) 

[means for transforming said signed message word signal M As to said message word 
signal M A , whereby 

M A =M As eA (mod n A )l 



1 1 . (Amended) A communications system for transferring a message signal [MJ, the 
communications system comprising^ 

[ D communication stations including first and second stations, each of the i 
communication stations being characterized by an encoding key Ej=(ei, n;) and a 
decoding key Dj =(d i? m), where i=l, 2,. . . , j 3 [and wherein Mj corresponds to a number 
representative of a message signal to be transmitted from the i* terminal,] each of the i 
communication stations be ing adapted to transmit a particular one of the message sig nals 
where an I th co mmunication station corresponds to an i th message signal M;. and 

0<Mi<n r l 

n* [is] being a composite number of the form 

n 'i = ^u P& ■ ■ 'Pa 
where 

k is an integer greater than 2, 

Pu> R2, - . . ,Pi,k are distinct random prime numbers, 
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d is relatively prime to lcm(p u -l,p i;2 -1, . . . ,p i>k -l), and 

dj is selected from the group consisting of the class of numbers equivalent to a 
multiplicative inverse of 

e, (mod(lcm((p u -1), (p u -1), . . . , (p ik ,\)))\ 

[a]sajd first station [one of the j communication stations] including 

means for encoding a digital message word signal [M A ] Mi [for transmission] to be 

transmitted from said first station [one of the j communication stations] (i=i[A]) 
to [a] said second station [one of the j communication stations] (i=2[B]), 

means for transforming said digital message word signal [M A ] Mi to one or more 

message block word signals [M A '] Mi", each block word signal [Ma'] Ml! being a 
number representative of a portion of said message word signal [M A ']Mi in the 
range 

0<A//"<m 2 -1 £0< M A < n B -1], and 

means for transforming each of said message block word signals [M A "] Mi" to a 

ciphertext word signal Ci using a relatinshio of the form [C A , C A corresponding 
to a number representative of an encoded form of said message block word signal 
M A ", whereby:] 

[C A =M A f b (mod nrf] C, = M"/ 2 (modw 2 ) . 



12. (Amended) The communications system of claim 1 1 further comprising: 

means for transmitting said ciphertext word signals Ci from said first [terminal] station to said 
second [terminal] station, [and] 

wherein said second [terminal] station includes 

means for decoding said ciphertext word signals Ci to said message block word signals 
[MA] M 1 " using a relationship of the formf . said second terminal including: 

means for transforming each of said ciphertext word signals C A to one of said message block 
word signals M A ", whereby 
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M A "z€ A Db (mod n B )\ M\ = C/ J (mod n 2 ) ^and 



means for transforming said message block word signals [Ma"] M£ to said message 
word signal [M A ]Mi. 



13. (Amended) 



[In a] A communications system, [including] comprising: 



a first station; and 

[and] a second [communicating] stations interconnected to the first station for communications 
therebetween, 

the first communicating station having 

encoding means for transforming a transmit message word signal M to a ciphertext word 
signal C where transmit message word signal M corresponds to a number 
representative of a message and 

0<M<n-\ 

{where] n [is] being a composite number formed as a product of [having] at least 
3 whole number factors greater than one, the factors being distinct random prime 
numbers, and 

where the ciphertext word signal C corresponds to a number representative of an 
[enciphered] encoded form of said message through a relationship of the form [and 
corresponds to] 

C= a e M e +a eA M eA +. . . +a 0 (mod ri) 

where e and ae, a^-if-l], . . . , ao are numbers; and 

means for transmitting the ciphertext word signal C to the second [communicating] 



station. 
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A method of processing a message for use in cryptographic communications comprising 

the steps of: 

selecting a public key portion e: 

developing k disti nct random prime numbers, pu . . . where k > J. and checking that each 
of the k distinct ra ndom prime numbers minus 1, _p i -l. . . . pv-K is relatively prime 
to the public key portion e: 

computing a comp osite number, n. as a product of the k distinct random prime numbers: and 

encoding a plaintext message data M to a ciphertext message data C using a relationship of the 
form O M e (mod n\ where 0<M <n-\ . 

i 15. The method according to claim 14, comprising the further step of: 

establishing a private key portion d by a relationship to the public key portion e in the form of 
d = e-\mod((p x -\y{p 2 -\)-{p k -l)))j and 

decoding the ciphertext message data C to the plaintext message data M using a relationship of 
the form M= C d (mod n\ 

16. A method of processing a message for use in cryptographic communications comprising 
the steps of: 

selecting a public key portion e: 

developing k distinct random prime numbers, pu p? where k >3. and checking that each 

of the k distinct random prime numbers minus L p i -K p?-l. . . . pir-1, is relatively prime 
to the public key portion e: 

establishing a priv ate key portion d bv a relationship to the public key portion e in the form of 
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d S e-' (mod((p, - 1) ■ (p 2 - 1) • • ■ (p k - 1))) ; 

computing a composite number, n. a s a product of the k distinct random prime numbers: 
obtaining a cinhertext message data C: and 

decoding the ciphertext message data C to a plaintext message data Musing a relationship of the 
form Ms C rf (mod n\ 



1Z: The method according to claim 16. comprising the further step of: 

encoding the plaintext message data M to the cinhertext message data C. using a relationship of 
the form C= M e (mod n\ where 0<M <n-\. 

iiL A method of processing a messag e for use in cryptographic communications comprising 

the steps of: 

selecting a public key portion e: 

developing k distinct random prime numbers, p,_ , m py. where k >3. and checking that each 

of the k distinct random pr ime numbers minus 1. m-l p*-1. is relatively prime 

to the public key portion e: 

establishing a private k ey portion d bv a relationship to the public kev portion e of the form 
d = e~ x (modCQ?, ~ 1) • (P 2 ~ 1) • • • (J>> ~ 1))) I 

computing a composite number, n. as a product of the k distinct random prime numbers: 

encoding a plaintext m essage data M with the private kev portion d to produce a signed message 
M ; using a relationship of the form M<= M d (mod n\ where 0<M <n-\ . 



1 9. The method of claim 1 8 further comprising the step of: 

decoding the signed message M^ with the public kev portion e to produce the plaintext message 
data Musing a relationship of the form M= M* (mod n\ 
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2!L A method for increasing the efficienc y of a cryptographic process, comprising the steps 

of: 

selecting a public key portion e: 

developing k distinct random prime numbers. P b p,. . . , ^ where k > 3. and checking that each 

of the k distinct random prim e numbers minus 1. p r l. p,-l p^-i. j s relatively p rime 

to the public key portion e: 

computing a composite number, n. as a product of the k distinct random prime numbers: and 

encoding a plaintext message data M t o a cinhertext message data C. using a relationship of the 
form C= M e (mod n\ where 0<M<n-\. 

whereby a computational speed of the cryptographic process is increased. 

2L The metho d according to claim 20. comprising the further step of: 

establishing a private key portion d bv a relationship to the public kev portion e in the form of 
d se g- 1 (modCQ! - 1) ■ (p 2 - 1) ■ . ■ (p k - 1))) : and 

decoding the ciphertext message data C to the plaintext message data Musing a relationship of 
the form M= C d (mod n\ 



ZL A method for increasin g the efficiency of a cryptographic process, comprising the steps 

of: 

selecting a public kev portion e: 

developing k distinct random prime numbers, p i . m pk where k >i. and checking that each 

of the k distinct random p rime numbers minus 1. p?-!. . . . Dv-l. is relatively p rime 
to the public kev portion e: 

establishing a private kev portion d b v a relationship to the public kev portion e in the form of 

d S e~ x (modCfo - 1) • (p 2 - 1) • • • (p k - 1))) ; 
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computing a composite number, n. as a product of the k distinct random prime numbers: 
obtaining a ciphertext message data C: and 

decoding the ciphertext message data C to a plaintext message data M using a relationship of the 
form AfeC* (mod ri\. 

whereby a computatio nal speed of the cryptographic process is increased. 

23. The method according to claim 22, comprising the further step of: 

encoding the plaintext message data M to the ciphertext message data C. using a relationship of 
the form C= M e (mod n). where 0<M<h-l. 



24: The method according to claim 20. wherein p and a are a pair of prime numbers the 

product of which equals n. and wherein the k distinct random prime numbers are each smaller 
than p and o. whereby for a given l ength of n it takes fewer computational cycles to find and 
check the K distinct ra ndom prime numbers that it takes to find and check the pair of prime 
numbers p and q. 



25. The method accordin g to claim 22. wherein p and a are a pair of prime numbers the 

product of which equals n. and wherein the k distinct random prime numbers are each smaller 
than p and a. whereby for a given length of n it takes fewer computational cycles to find and 
check the K distinct ra ndom prime numbers that it takes to find and check the pair of prime 
numbers p and q. 



2JL The method according to claim 24. wherein the developing and computing steps can be 

performed for n that is more than 600 digits long faster than heretofore possible with only the 
pair of prime numbers p and q. 
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27. The method according to claim 25, wherein the developing, computing and encoding 
steps can be performed for n that is more than 600 digits long faster than heretofore possible with 
only the pair of prime numbers p and q. 

28. The method according to claim 14, wherein p and q are a pair of prime numbers the 
product of which equals n, and wherein the k distinct random prime numbers are each smaller 
than p and q, whereby for a given length of n it takes fewer computational cycles to find and 
check the K distinct random prime numbers that it takes to find and check the pair of prime 
numbers p and q. 

29. The method according to claim 28, wherein the developing and computing steps can be 
performed for n that is more than 600 digits long faster than heretofore possible with only the 
pair of prime numbers p and q. 

30. The method according to claim 16, wherein p and q are a pair of prime numbers the 
product of which equals n, and wherein the k distinct random prime numbers are each smaller 
than p and q, whereby for a given length of n it takes fewer computational cycles to find and 
check the K distinct random prime numbers that it takes to find and check the pair of prime 
numbers p and q. 

31. The method according to claim 30, wherein the developing and computing steps can be 
performed for n that is more than 600 digits long faster than heretofore possible with only the 
pair of prime numbers p and q. 

32. The method according to claim 18, wherein p and q are a pair of prime numbers the 
product of which equals n, and wherein the k distinct random prime numbers are each smaller 
than p and q, whereby for a given length of n it takes fewer computational cycles to find and 
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check the K distinct random prime numbers that it takes to find and check the pair of prime 
numbers p and q. 

33. The method according to claim 32. wherein the develo ping and computing steps can be 
performed for n that is more than 600 digits long faster than he retofore possible with only the 
pair of prime numbers p and q. 

34. The method according to claim 14. wherein a messag e processed in accordance with the 
method is compatible with two-prime RSA public kev cryptography. 



?. 35. The method according to claim 14. wherein a message processed in accordance with the 
fc? method is compatible with two-prime RSA public k ev cryptography. 

SMI* 



% 36. The method according to claim 1 6. wherein a message processed in accordance with the 
JJ method is co m patible with two-prime RSA public k ev cryptography. 



37. The method according to claim 18. wherein a messag e processed in accordance with the 
method is compatible with two-prime RSA publi c kev cryptography. 



1 i*>~ 



38. The method according to claim 20. wherein message dat a processed in accordance with 
the method is compatible with two-prime RSA p ublic kev cryptography. 

39. The method according to claim 22. wherein message data processed in accordance with 
the method is compatible with two-prime RSA p ublic kev cryptography. 

40. A cryptography method for local storage of data bv a private kev owner, comprising the 
steps of: 
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selecting a public kev portion e; 

developing k distinct random prime numbers, p .. p z pw where k>3, and checking that each 

of the k distinct random prime numbers minus 1. p ^-1 n p 2 - 1 - - - - P*-' 1 - is relatively prime 
to the public kev portion e; 

establishing a private kev portion d bv a relationship to the p ublic kev portion e in the form of 

d ^ e' 1 (mod(( Pl - 1) • {p 2 - 1) • • • (p k - 1))) 1 

computing a composite number, n. as a product of the k d istinct random prime numbers that are 
factors of n. where only the private kev o wner knows the factors of n: 

encoding plaintext data M to ciphertext data C for th e local storage, using a relationship of the 
form C= M e (mod n\ where 0<M <n-\ . 



41 . The cryptography method in accordance with claim 40. further comprising the step of: 
decoding the cinhertext data C from the local storage to t he plaintext data Musing a relationship 
of the form M= C d food rii. 



42. A cryptographic communications sys tem, comprising: 

a plurality of stations: 

a communications medium: and 

a host system adapted to conduct encrypted communi cations with the plurality of stations via the 
communications medium, the host system including 

at least one cryptosvstem responsive to encryption a nd/or decryption requests from the 
host system, the crvntosvstem be ing configured for 

developing k distinct random prime numbers, vu P?, ■ • ■ Pk, where k > 3, 

checking that each of the k distinct random prime num bers minus 1. Pi-1. th-l 

pi,-l. is relatively prime to a public kev portion e that is associated with the 
host system, 
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computing a composite number. n.asa product of the k distinct random prime 
numbers, 

encoding a plaintext message data M producing the refrom a ciohertext message 
data C to be communicated via the host system, the encoding using a 
relationship of the form C= M e (mod ri). w here 0<M<n-\. 

establishing a private kev portion d bv a relationship to the pu blic kev portion e 
in the form of d = e" 1 (mod((/>, - 1) • (p 2 - 1) • • • (p k - l)))i and 

decoding a ciphertext message data C commu nicated via the host producing 
therefrom a plaintext message data M using a re lationship of the form 
M= C d (mod ri). where C and Af can be respectiv ely C and M 



43 . A system for processing a message used in cryptogra phic communications, comprising: 
a bus: and 

a crvptosvstem operativelv coupled to and receiving from th e bus encryption and decryption 
requests, the crvptosystem being capable of . 

providing a public kev portion e, 

developing k distinct random prime numbers. o >, Pi p± where k >3. 

checking that each of the k distinct random prime n umbers minus 1. Pi-1. pr-1, . ■ . Pk-1, 

is relatively prime to the public kev portion e, 
com puting a composite number, n. as a product of the k distinct random prime numbers, 
encoding a plaintext form of a first message M to prod uce a ciphertext form of the first 

message C using a relationship of the form C= M e (mod «\ where 0<M<h-l, 

establishing a private kev portion d bv a relationship to the p ublic kev portion e in the 
form of d = £f 1 (mod((/>, - 1) • (p 2 - 1) •••(/»* - 1))) .and 
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decoding the ciphertext form of a second message C to produce the plaintext form of the 



44. The system of claim 42, wherein the at least one crvptosvstem includes 

a plurality of exponentiators configured to operate in parallel in developing respective 
subtask values corresponding to the message. 

45. The system of claim 42, wherein the at least one crvptosvstem includes 
a processor, 

a data-address bus, 

a memory operativelv coupled to the processor via the data-address bus, 

a data encryption standard (PES) unit operativelv coupled the memory and the processor 
via the data-address bus, 

a plurality of exponentiator elements operativelv coupled to the processor via the PES 
unit, the plurality of exponentiator elements being configured to operate in 
parallel in developing respective subtask values corresponding to the message. 

46. The system of claim 45, wherein the memory and each of the plurality of exponentiator 
elements has its own PES unit that encrypts message data received/returned from/to the 
processor. 

47. The system of claim 45, wherein the memory is partitioned into address spaces 
addressable by the processor including secure, insecure and exponentiator elements address 
spaces, and wherein the PES unit that is coupled to the processor is configured to recognize the 
secure and exponentiator elements address spaces and to automatically encrypt message data 
therefrom before it is provided to the exponentiator elements, the PES unit being bypassed when 



second message AT using a relationship of the form Affes C d (mod n\ the first and 
second messages can be one and the same. 
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the processor is accessing the insecure memory address spaces, the PES unit being further 
configured to decrypt encrypted message data received from th e memory before it is provided to 
the processor. 

48. The system of claim 45. wherein the at least one cr vptosvstem meets FTPS TFederal 
Information Processing Standard - ) 140-1 level 3. 

49. The system of claim 45. wherein the processor maintai ns in the memory the public key 
portion e and the composite numb er n with its factors vu v-> 

50. A system for processing a message used in cryptographic communications, comprising: 
a bus: and 

a crvptosvstem receiving from the svstem via the bus encryption and decryption requests, the 
crvptosvstem including 

a plurality of exponentiator elements confi gured to develop subtask values. 

a memory, and 

a processor configured for 

receivin g the encryption and decryption requests, each encryption request 
providing a plaintext mes sa ge Mto be encrypted, each encryption request 
can additionally provide a public kev that includ es an exponent e and a 
representation of a modulus « in the fo rm of its k distinct random prime 
number factors p b - P±- where k Z 3. or the pro cessor can obtain the 
public kev from the memory, 
instructing subtasks to be executed bv the exp onentiator elements for producing 
respective ones of the subtask values. C u C->_ CI. and 

forming a ciohertext message C from the su btask values G. C% . . . Cw 
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51. The system of claim 50 wherein each one of the subtasks C u C 2 . . . . C* is developed 
using a relationship of the form C. = M' 1 (mod j?^. where M, = M (mod p i ) 1 _and 

= e(mod - 1) .where i=L 2. ... k. 

52. A system for processing a message used in cryptographic comm unications, comprising: 
a bus: and 

a crvptosvstem receiving from the system via the bus encryption a nd decryption requests, the 
crvptosvstem including 

a plurality of exponentiator elements configured to develop subtask values. 

a memory, and 

a processor configured for 

receiving the encryption and decryption requests, ea ch encryption/decryption 

request providing a plaintext/ciphertext message MJC to — be 

encrvpted/decrvpted and can additionally provide a public/pri vate kev that 
includes an exponent e/d and a representation of a modulus n in the form 

of its k distinct random prime number factors D u pi_ Dv. where k >3, or 

the processor can obtain the public/private k ev from the memory, 

constructing subtasks to be executed bv the exponentiator el ements for producing 
respective ones of the subtask values. M i . Mo. . . . MU Cu, Ci_ Cv, and 

formin g the ciphertext/plaintext message CIM from the su btask values Cu C;, 

CJMu M z . . . . Mk. 

53. The system of claim 52 wherein when produced each one of the sub tasks Cu C?, . . . CiJs 
developed using a relationship of the form C, = M' 1 (mod p l ) , where C, = C(modp,)^ and 

e f = e(mod p i - 1) .where i=1.2. ... k. 
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54. The system of claim 52 wherein when produced each one of t he subtasks M. M? A4 

is developed using a relationship of the form M, = Cf' (mod p i ) ^where_M ; . = M(mod/?,)^and 

d, s d(mod /?, - D .where i=l. 2. ... k. 



55. The system of claim 54. wherein the private kev exp onent d relates to the public key 
exponent e via d = e~ l (mod((p, - 1) • (p 2 - 1) ■ • ■ (^-1)))^ 



56. A svstem for processing a message used in cryptographic com munications, comprising: 
means for selecting a public kev portion e; 

means for developing k distinct random prime numbers, vu p?, ■ ■ . Pk, where k > 3, and for 
checking that each of the k distinct random prime numbers m inus 1. Pi-1. ■ ■ . Pk-1, 
is relatively prime to the public kev portion e: 

means for establishing a private kev portion d bv a relationship to the public kev portion e in the 
form oid = g" 1 (modCfo - 1) • (p 2 - 1) • • • (p k - 1))) 1 

means for computing a composite number, n. as a prod uct of the k distinct random prime 
numbers; 

means for obtaining a ciphertext message data C; and 

means for decoding the ciphertext message data C to a pl aintext message data M using a 
relationship of the form M= C d (mod n\ 



57. The svstem according to claim 56. furt her comprising: 

means for encoding the plaintext message data M to th e ciphertext message data C using a 
relationship of the form C= M e (mod n\ where 0< M<n-\. 

58. A svstem for processing a message used in cryptographic com munications, comprising: 
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means for selecting a public key portion e: 

means for developing k distinct random prime numbers, vu pi. . ■ . Vv . where k > 3, and for 
checking that each of the k distinct random prime numbers minus K . . . Z7k-1, 

is relatively prime to the public key portion e\ 

means for establishing a private key portion d by a relationship to the pub lic kev portion g of the 
form d 5 e- 1 (mod(( A - l)-(p 2 - 1) - - 1))) I 

means for computing a composite number, n. as a product of the k dist inct random prime 
numbers; 

means for encoding a plaintext message data M with the private k ev portion d to produce a 
signed messa ge Mc using a relationship of the form Mf M d (mod n\ where 0<M<n-l. 

59. The system of claim 58 further comprising the step of: 

means for decoding the signed message M 1 with the private kev portion e to produce the plaintext 
message data Musing a relationship of the form M= M e (mod n\ 

60. The system of claim 57, wherein the system can conduct encrypted comm unications with 
other public kev cryptography system that encrvpt/decrvpt data using a modulus va lue equal to n 
independent of the k distinct prime numbers. 

61. The system of claim 59, wherein the system can conduct encrypted commu nications with 
other public kev cryptography systems that encrvpt/decrvpt data using a modulus value equal to 
n independent of the k distinct prime numbers. 
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REMARKS 



This Preliminary Amendment is filed concurrently with a Reissue Application for U.S. 
Patent No. 5,848,159 (hereafter the "original patent"). 

Status of the Claims : 

As of the date of this Preliminary Amendment, claims 1-13 of the original patent are 
amended and remain pending; claims 14-61 have been added. Thus, claims 1-61 are now 
pending in the Reissue Application. 

Statement of Support in the Disclosure of the Original Patent for the Amendments : 

The Specification : 

The specification of the original patent has been amended to correct typographical errors 
and other matters of form and to render the specification consistent throughout and with the 
claims. Support for the amendments to the specification may be found throughout the original 
patent. No new matter has been introduced by the amendments to the specification. 

In general, changes embodying corrections of typographical errors and other matters of 
form are self explanatory and need no further explanation. As to the mathematical expressions, 
equations expressing any congruence of the form b=c(mod m) or the like, where b is congruent 
to c and m is the modulus, are mathematically written in proper form as Z>= c(mod m) . 
Accordingly all the equations are written in proper form, e.g., C=M e (mod ri). Were applicable, 
the parentheses (e.g., around "mod «") are properly added as well. 

Support for amendments to the paragraph beginning at column (hereafter "col."), line 4 
may be found in col. 1 of the cover page. Support for the amendments to the paragraph 
beginning at col. 3, line 23 and the paragraph beginning at col. 3, line 27 may be found for 
example at col. 2 of the cover page and col. 13, lines 44-47. 
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Support for amendments to the paragraph beginning at col. 3, line 36, may be found at 
column 5, lines 31-33. Support for amendments to the paragraph beginning at col. 3, line 56, 
may be found for example at col. 3, lines 20-26, col. 3, lines 44-55 and col. 4, lines 9-11. Support 
for amendments to the paragraph beginning at col. 4, line 6, may be found for example at col. 
3,lines 20-26, col. 4, lines 6-12, 32-34 and 52-56. 

Support for amendments to the paragraph beginning at col. 4, line 13 and the paragraph 
beginning at col 4, line 50, may be found for example at col. 3 line 42, col. 4, line 41, and col. 
10, lines 54-56. Further support for amendments to the paragraph beginning at col. 4, line 50 
may be found at col. 4, lines 50-52. 

Support for paragraph inserted before the paragraph beginning at col. 5, line 52, may be 
found for example at col. 14, lines 30-36 and 45-49. Support for amendments to the paragraph 
beginning at col. 5, line 30, may be found for example at col. 2, lines 5-10, col. 3, line 42, col. 4 
line 41, col 5, line 39, col. 10, line 65 and col. 11, lines 8-9. Further support for amendments to 
the paragraph beginning at col. 5, line 30, may be found in the multitude of mathematical 
expressions where d, the private key portion, is the "exponent," e.g., M= C^mode ri) at col. 6, 
lines 1-5. 

Support for amendments to the paragraph beginning at col. 6, line 24, may be found for 
example at col. 5, lines 31-33, col. 6, line 37 ("M=7*. . ."), col. 7, line 15, and col. 1 1, lines 1 5- 
20. Support for amendments to the paragraph beginning at col. 6, line 65, may be found for 
example at col. 6, lines 1-4, 26-35, 40-53 and 67. Support for amendments to the paragraph 
beginning at col. 7, line 1, may be found for example at col. 2, lines 32-34 and 40, col. 3, lines 
22-26, col. 4, lines 32-34, col. 6 line 38 and col. 7, lines 56-58. 

Support for amendments to the paragraph beginning at col. 8, line 1, is fund in col. 8 line 
3 (i.e., FIPS 140-1 with level 3 is a well known standard, See: 

http://csrc.nist.gov/fips/fipsl401.htm). Support for amendments to the paragraph beginning at 
col. 10, line 15, may be found for example at Figure 3. Support for amendments to the paragraph 
beginning at col. 10, line 35, may be found for example in col. 10 line 40 and line 53 (i.e., M is 
represented by a numerical value greater than 0 and smaller than n). 
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The Claims : 

Claims 1-13 of the original patent have been amended to correct typographical errors and 
other matters of form, as well as to recite more clearly and particularly the subject matter which 
Applicants regard as their invention. New claims 14-61 have been added to further point out and 
distinctly claim subject matter which Applicants regard as their invention. Support for the 
amendments to claims 1-13 and for the newly added claims, 14-61, may be found throughout the 
original patent. No new matter has been introduced by the amendments to the claims. 

In general, claim amendments embodying corrections of typographical errors, antecedent 
basis errors, and other matters of form are self explanatory and need no further explanation. As 
to the mathematical expressions, equations expressing any congruence of the form b-c(mod m) 
or the like, where b is congruent to c and m is the modulus, are mathematically written in proper 
form as b= cfmod m). Accordingly all the equations are written in proper form, e.g., C=M e (mod 
n). Were applicable, parentheses (e.g., around "mod «") are properly added as well. 

Support for amendments to claim 1 as now presented may be found, for example, at 
claim 1 as presented in the original patent, as well as col.l, lines 32-42, col. 3, lines 39-44, col. 5, 
lines 30-33, col. 7, lines 25-28 and col. 8, lines 8-11. Support for amendments to claim 2 as now 
presented may be found, for example, at claims 1 and 2 as presented in the original patent, as 
well as col. 2, lines 24-30, col. 5, lines 36-40 and col. 14, lines 19-24. Similarly, support for 
amendments to claims 3-13 as now presented may be found, for example, at claims 1-13 as 
presented in the original patent. Further support for the amendments to claims 3-13 as now 
presented may be found for example at col.l, lines 32-42, col. 2, lines 24-30, col. 3, lines 39-44, 
col. 5, lines 30-40, col. 7, lines 25-28, col. 8, lines 8-11, and col. 14, lines 19-24. Further support 
for amendments to claim 12 as now presented may be found for example at col.9, lines 48-50. 

As to the newly added claims, support for claim 14-23, 40-43, and 50-58 may be found, 
for example, at col. 1, lines 32-42, col.3, lines 35-44, col. 4, lines 37-49, col. 5, lines 30-33 and 
36-51, col. 7, lines 25-28, col. 8, lines 8-11, col. 14, lines 30-36. Further support for new claims 
14-23, 40-43, and 50-58 may be found at claims 1-13 as presented in the original patent. For 
example, support for new claims 18 and 19 may be found in claim 9, i.e., col. 14, lines 30-36. 
Further support for new claims 20 and 22 may be found at col. 3, lines 30-36 and 53-55, and col. 
7, lines 25-28. Support for new claims 24-33 may be found for example at column 3, lines 36-65. 
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Support for new claims 34-39 may be found for example at col. 4, lines 8-12 and col. 5, lines 61- 
63. Further support for new claims 40 and 41 may be found at col. 5, lines 58-61. Further support 
for new claims 42, 43, 50-52, and support for new claims 44-49 may be found at Figures 1-3, and 
the accompanying description at col. 7, line 34 to col. 10, lines 34. Further support for new 
claims 50-54 may be found at col. 5, line 52 to col. 6, line 6. Finally, support for claims 60 and 
61 may be found at col. 4, lines 6-13 and col. 5, lines 61-63. 



Summary : 

Entry of the foregoing amendments to the specification and claims is hereby respectfully 
requested. Claims 1-61 are now presented for examination in the Reissue Application which is 
believed to be in condition for allowance. Prompt examination and allowance of the pending 
claims is therefore respectfully requested. 

Concurrent Office Proceedings: and Petition for Waiver of Delav : 

It is noted that Reexamination Requests respecting the original patent have been filed 
with the U.S. Patent and Trademark Office on May 18, 2000 (Order Granting Reexamination 
mailed July 19, 2000; Control No. 90/005,733) and on July 28, 2000, respectively. In view of the 
concurrent office proceedings, Reexamination and Reissue Application, it is hereby requested 
that the Reexamination proceeding be staved until the Reissue Application proceeding is 
concluded, or, in the alternative, that the Reexamination proceeding be merged with the Reissue 
Application proceeding (37 C.F.R. 1.565(d)). 

In view of the concurrent office proceedings, a Petition under 37 C.F.R. 1 . 1 83 to waive 
the 2-months delav for nrotest is attached herewith. Examination of the Reissue Application 
should commence without delay and before the Reexamination proceeds. 
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Fee Authorization : 

If for any reason an insufficient fee has been paid, the Commissioner is hereby authorized 
to charge any deficiency in payment of required fees associated with this communication to 
Deposit Account 02-3964. 

o 

Date: October 19, 2000 Respectfully submitted, 

CJ = 

^ = 




Oppenheimer Wolff & Donnelly LLP 

3373 Hillview Avenue By: Leah Sherry, 

Palo Alto, CA 94304 Attorney for Applicant 

Tel: (650) 320-4000 Reg. No. 43,918 



I , CERTIFICATE OF MAILING (37 CFR 1.10(a)) 

I CERTIFICATE OF MAILING BY "EXPRESS MAIL" - Rule 10: I hereby certify that this correspondence is being deposited 
* on October 5, 2000 with the U.S. Postal Service "Express Mail Post Office to Addressee" under 37 CFR 1.10 as Express Mail 
) No. EL655031318US addressed to: Box Reissue Patent Application, Assistant Commissioner for Patents, Washington, D.C. 
=20231 



■Date: October 19, 2000 
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PUBLIC KEY CRYPTOGRAPHIC 
APPARATUS AND METHOD 

This application claims the benefit of U.S. Provisional 
Application No. 60/033.271 for PUBLIC KEY CRYTO- 5 
GRAPHIC APPARATUS AND METHOD, filed Dec. 9. 
1996. naming as inventors. Thomas Colins. Dale Hopkins. 
Susan Langford and Michale Sabin. the discolsure of which 
is incorporated by reference. 

10 \ 

BACKGROUND OF THE INVENTION 

This invention relates generally to communicating data in 
a secure fashion, and more particularly to a cryptographic 
system and methods using public key cryptography. I5 

Computer systems are found today in virtually every walk 
of life for storing, mamtaining. and transferring various ; 
types of data. The integrity of large portions of this data. j 
especially that portion relating to financial transactions, is | 
vital to the health and survival of numerous commercial 20 f 
enterprises. Indeed, as open and unsecured data communi- 
cations channels for sales transactions gain popularity, such 
as credit card transactions over the Internet, individual 
consumers have an increasing stake in data security. 

Thus, for obvious reasons, it is important that financial 25 
transaction communications pass from a sender to an 
intended receiver without intermediate parties being able to 
interpret the transferred message. 

Cryptography, especially public key cryptography, has 30 
proven to be an effective and convenient technique of 
enhancing data privacy and authentication. Data to be 
secured, called plaintext, is transformed into encrypted data, 
or ciphertext. by a predetermined encryption process of one 
type or another. The reverse process, transforming ciphertext 35 
into plaintext, is termed decryption. Of particular impor- 
tance to this invention is that the processes of encryption and 
decryption are controlled by a pair of related cryptographic 
keys. A "public" key is used for the encryption process, and 
a "private" key is used to decrypt ciphertext. The public key 40 
transforms plaintext to ciphertext. but cannot be used to 
decrypt the ciphertext to retrieve the plaintext therefrom. 

As an example, suppose a Sender A wishes to send 
message M to a recipient B. The idea is to use public key E 
and related private key D for encryption and decryption of 45 
M. The public key E is public information while D is kept j 
secret by the intended receiver. Further, and importantly. ; 
although E is determined by D. it is extremely difficult to 
compute D from E. Thus the receiver, by publishing the 
public key E. but keeping the private key D secret, can 50 
assure senders of data encrypted using E that anyone who 
intercepts the data will not be able to decipher it. Examples 
of the public key/private key concept can be found in U.S. 
Pat. Nos. 4200.770. 4.218.582. and 4.424.414. 

The prior art includes a number of public key schemes, in 
addition to those described in the above-identified patents. 
Over the past decade, however, one system of public key 
cryptography has gained popularity. Known generally as the 
"RSA" scheme, it is now thought by many to be a worldwide ^ 
defacto standard for public key cryptography. The RSA 
scheme is described in U.S. Pat. No. 4.405.829 which is 
fully incorporated herein by this reference. 

The RSA scheme capitalizes on the relative ease of 
creating a composite number from the product of two prime 65 
numbers whereas the attempt to factor the composite num- 
ber into its constituent primes is difficult. The RSA scheme 
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uses a public key E comprising a pair of positive integers n 
and e. where n is a composite number of the form 



n=pq 



(1) 



10 



where p and q are different prime numbers, and e is a number 
relatively prime to (p-1) and (q-1): that is. e is relatively 
prime to (p-1) or (q-1) if e has no factors in common with 
either of them Importantly, the sender has access to n and 
e. but not to p and q. The message M is a number repre- 
sentative of a message to be transmitted wherein 

0£/W</t-l. ( 2 ) 

The sender enciphers M to create ciphertext C by computing 
15 the exponential 

C=W(mod n). (3) 

The recipient of the ciphertext C retrieves the message M 
using a (private) decoding key D. comprising a pair of 
positive integers d and n. employing the relation 

M=C*{mod n) ( 4 > 

As used in (4), above, d is a multiplicative inverse of 

*fmod(lcm(</>-l), (?-!)))) ( 5 > 

so that 

c .a=l(mod(Icm(G^n (9-1)))) <^ 

where lcm((p-l). (q-1)) is the least common multiple of 
numbers p-1 and q-1. Most commercial implementations of 
RSA employ a different, although equivalent, relationship 
for obtaining d: 



20 



25 



30 



35 



This alternate relationship simplifies computer processing. 
Note: Mathematically (6) defines a set of numbers and (7) 
40 defines a subset of that set For implementation. (7) or (6) 

usually is interpreted to mean d is the smallest positive 

element in the set.) 
The net effect is that the plaintext message M is encoded 

knowing only the public key E (i.e.. e and n). The resultant 
45 ciphertext C can only decoded using decoding key D. The 

composite number n. which is part of the public key E. is 

computationally difficult to factor into its components. 

prime numbers p and q. a knowledge of which is required to 

decrypt C 

50 From the time a security scheme, such as RSA. becomes 
publicly known and used, it is subjected to unrelenting 
attempts to break it. One defense is to increase the length 
(i.e.. size) of both p and q. Not long ago it was commonly 
recommended that p and q should be large prime numbers 75 

55 digits long (i.e.. on the order of 10 75 ). Today, it is not 
uncommon to find RSA schemes being proposed wherein 
the prime numbers p and q are on the order of 150 digits 
long. This makes the product of p and q a 300 digit number. 
(There are even a handful of schemes that employ prime 

60 numbers (p and q) that are larger, for example 300 digits 
long to form a 600 digit product) Numbers of this size, 
however, tend to require enormous computer resources to 
perform the encryption and decryption operations. Consider 
that while computer instruction cycles are typically mea- 

65 sured in nanoseconds (billionths of seconds), computer 
computations of RSA steps are typically measured in mil- 
liseconds (thousandths of seconds). Thus millions of com- 
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puter cycles are required to compute individual RSA steps 
resulting in noticeable delays to users. 

This problem is exacerbated if the volume of ciphertext 
messages requiring decryption is large — such as can be 
expected by commercial trans actions employing a mass 5 
communication medium such as the Internet. A financial 
institution may maintain an Internet site that could conceiv- 
ably receive thousands of enciphered messages even* hour 
that must be decrypted and perhaps even responded to. » 
Using larger numbers to form the keys used for an RSA 10 
scheme can impose severe Limitations and restraints upon 
the institution's ability to timely respond. 

Many prior an techniques, while enabling the RSA 
scheme to utilize computers more efficiently, nonetheless 
have failed to keep pace with the increasing length of n. p. 15 
and q. 

Accordingly, it is an object of this invention to provide a | 
system and method for rapid encryption and decryption of i 
data without compromising data security. [ 

It is another object of this invention to provide a system 20 j 
and method that increases the computational speed of RSA 
encryption and decryption techniques. 

It is still another object of this invention to provide a 
system and method for implementing an RSA scheme in 
which the components of n do not increase in length as n 25 
increases in length. 

It is still another object to provide a system and method 
for utilizing multiple (more than two ). distinct prime number 
components to create n. 

It is a further object to provide a system and method for 3C , 
providing a technique for reducing the computational effort 
for calculating exponentiations in an RSA scheme for a 
given length of n. 

SUMMARY OF THE INVENTION 35 

The present invention discloses a method and apparatus 
for increasing the computational speed of RSA and related 
public key schemes by focusing on a neglected area of 
computation inefficiency. Instead of n=p*q. as is universal in 
the prior art. the present invention discloses a method and 40 
apparatus wherein n is developed from three or more distinct 
prime numbers; i.e.. n^p^pv. . . -p^ where k is an integer 

greater than 2 and p^p 2 P* ^ sufficiently large distinct 

primes. Preferably, "sufficiently large primes** are prime 
numbers that are numbers approximately 150 digits long or 45 
larger. The advantages of the invention over the prior art 
should be immediately apparent to those skilled in this art. ! 
If. as in the prior art. p and.q are each on the order of. say. 
150 digits long, then n will be on the order of 300 digits long. 
However, three primes p 2 . p x . and p 3 employed in accor- so 
dance with the present invention can each be on the order of 
100 digits long and still result in n being 300 digits long. 
Finding and verifying 3 distinct primes, each 100 digits 
long, requires significantly fewer computational cycles than 
finding and verifying 2 primes each 150 digits long. 55 

The commercial need for longer and longer primes shows 
no evidence of slowing: already there are projected require- 
ments for n of about 600 digits long to forestall incremental 
improvements in factoring techniques and the ever faster 
computers available to break ciphertext. The invention. 6C 
allowing 4 primes each about 150 digits long to obtain a 600 
digit n. instead of two primes about 350 digits long, results 
in a marked improvement in computer performance. For. not 
only are, primes that are 150 digits in size easier to find and 
verify than ones on the order of 350 digits, but by applying 65 
techniques the inventors derive from the Chinese Remainder 
Theorem (CRT), public key cryptography calculations for 
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encryption and decryption are completed much faster — even 
if performed serially on a single processor system However, 
the inventors 1 techniques are particularly adapted to be 
advantageously apply enable public key operations to par- 
5 allel computer processing. 

The present invention is capable of using the RSA scheme 
to perform encryption and decryption operation using a large 
(many digit) n much faster than heretofore possible. Other 
advantages of the invention include its employment for 
10 decryption without the need to revise the RSA public 
encryption transformation scheme currently in use on thou- 
sands of large and small computers. 

A key assumption of the present invention is that n. 
composed of 3 or more sufficiently large distinct prime 
numbers, is no easier (or not very much easier) to factor than 
the prior art. two prime number n. The assumption is based 
on the observation that there is no indication in the prior art 
literature that it is "easy" to factor a product consisting of 
more than two sufficiently large, distinct prime numbers. 
This assumption may be justified given the continued effort 
(and failure) among experts to find a way "easily" to break 
large component numbers into their large prime factors. This 
assumption is similar, in the inventors' view, to the assump- 
^ tion underlying the entire field of public key cryptography 
that factoring composite numbers made up of two distinct 
primes is not "easy." That is. the entire field of public key 
cryptography is based not on mathematical proof, but on the 
assumption that the empirical evidence of failed sustained 
3Q efforts to find a way systematically to solve NP problems in 
polynomial time indicates that these problems truly are 
"difficult" 

The invention is preferably implemented in a system that 
employs parallel operations to perform the encryption. 

35 decryption operations required by the RSA scheme. Thus, 
there is also disclosed a cryptosystem that includes a central 
processor unit (CPU) coupled to a number of exponentiator 
elements. The exponentiator elements are special purpose 
arithmetic units designed and structured to be provided 

^ . message data M. an encryption key e. and a number n (where 
D== Pi *P2* - • * Pjt- k being greater than 2) and return ciphertext 
C according to the relationship. 

C=AT(mod(n)). 

45 Alternatively, the exponentiator elements may be pro- 
vided the ciphertext C. a decryption (private) key d and n to 
return M according to the relationship. 

Af^fmodOi)) 

50 According to this aspect of the invention, the CPU 
receives a task, such as the requirement to decrypt cypher- 
text data C. The CPU will also be provided, or have 
available, a public key e and n. and the factors of n (p x . p 2 . 
. . . p A ). The CPU breaks the encryption task down into a 
55 number of sub-tasks, and delivers the sub-tasks to the 
exponentiator elements. When the results of the sub-tasks 
are returned by the exponentiator elements to the CPU' 
which will, using a form of the CRT. combine the results to 
obtain the message data M. An encryption task may be 
60 performed essentially in the same manner by the CPU and 
its use of the exponentiator elements. However, usually the 
factors of n are not available to the sender (encryptor). only 
the public key. e and n. so that no sub-tasks are created. 
In a preferred embodiment of this latter aspect of the 
65 invention, the bus structure used to couple the CPU and 
exponentiator elements to one another is made secure by 
encrypting all important information communicated 
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thereon. Thus, data sent to the exponentiates elements is 
passed through a data encryption unit that employs, 
preferably, the ANSI Data Encryption Standard (DES). The 
exponential elements decrypt the DES-encrypted sub-task 
information they receive, perform the desired task, and 5 
encrypt the result, again using DES. for return to the CPU. 

BRIEF DESCRIPTION OF THE DRAWINGS 

FIG. 1 is a simplified block diagram of a cryptosystero jq 
architecture configured for use in the present invention. 

FIG. 2 is a memory map of the address space of the 
cryptosystem of FIG. 1; and 

FIG. 3 is an exemplary illustration of one use of the ^ 
invention. 



DETAILED DESCRIPTION OF PREFERRED 
EMBODIMENTS 



The message data. M is encrypted to ciphertext C using 
the relationship of (3). above, i.e.. 

To decrypt the ciphertext. C. the relationship of (3). 
above, is used: 



20 



25 



As indicated above, the present invention is employed in 
the context of the RSA public key encryption/decryptioD 
scheme. As also indicated, the RSA scheme obtains its 
security from the difficulty of factoring large numbers, and 
the fact that the public and private keys are functions of a 
pair of large (100-200 digits or even larger) prime numbers. 
Recovering the plaintext from the public key and the cipher- 
text is conjectured to be equivalent to factoring the product 
of two primes. 

According to the present invention, the public key portion 30 
e is picked. Then, three or more random large, distinct prime 

numbers. p x . p 2 p^ are developed and checked to ensure 

that each is relatively prime to e. Preferably, the prime 

numbers are of equal length. Then, the product n=p A , p 2 

p k is computed. 35 

Finally, the decryption key, d. is established by the 
relationship: 



40 



45 



50 

where n and d are those values identified above. 

Using the present invention involving three primes to 
develop the product n. RSA encryption and decryption time 
can be substantially less than an RSA scheme using two 
primes by dividing the encryption or decryption task into 55 
sub-tasks, one sub-task for each distinct prime. (However, 
breaking the encryption or decryption into subtasks requires 
knowledge of the factors of n. This knowledge is not usually 
available to anyone except the owner of the key. so the 
encryption process can be accelerated only in special cases. 60 
such as encryption for local storage. A system encrypting 
data, for another user performs the encryption process 
according to (3). independent of the number of factors of n. 
Decryption, on the other hand, is performed by the owner of 
a key. so the factors of n are generally known and can be 65 
used to accelerate the process.) For example, assume that 
three distinct primes, p^ p 2 . and p 3 . are used to develop the 
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product n. Thus, decryption of the ciphertext, C. using the 
relationship 

M^imod n) 

5 is used to develop the decryption sub-tasks: 

A/^^mod p t 
M 2 =C 2 d hnod p 2 

10 

Af j=Cj*mod p 3 

where 

C J =Cmod Pl ; 

15' 

C 2 =Cmod p 2 \ 
C 3 =Cmod p 3 \ 
dy=4wo& Oi~l); 

20 

^2=JiDod (^ 2 -l): and 
dy^duood (/>j-l). 

The results of each sub-task. M x . M 2 . and M 3 can be 
25 combined to produce the plaintext. M. by a number of 
techniques. However, it is found that they can most expe- 
ditiously be combined by a form of the Chinese Remainder 
Theorem (CRT) using, preferably, a recursive scheme. 
Generally, the plaintext M is obtained from the combination 
30 of the individual sub-tasks by the following relationship: 

Y^Y^+KMrY^) (n^mod p/jmod p t ]-wpx)d n 

where 

35 

i§2 and 



M=Y k , Yi = Ci.wdw t = n Pj 
J<i 

40 

Encryption is performed in much the same manner as that 
used to obtain the plaintext M. provided (as noted above) the 
factors of n are available. Thus, the relationship 

45 C-ATiwod n\ 

can be broken down into the three sub-tasks, 

C^M^vaod pi 
50 C 2 =M 2 ' 2 mod p 2 

C 3 -M 3 <i uiod Pi 

where 

55 Af^Mdnodp,), 

M 2 ~M{ mod p 2 \ 

M 3 =M(wod p 3 ), 
60 tfi=«mod (p t -D. 

ff 2 =tfmod ^ 2 -l).and 

e 3 =emod (jC?j — L ) 

65 In generalized form, the decrypted message M can be 
obtained by the same summation identified above to obtain 
the ciphertext C from its contiguous constituent sub-tasks C r 
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Preferably, the recursive CRT method described above is 
used to obtain either the ciphertext. C. or the deciphered 
plaintext (message) M due to its speed. However, there may 
be occasions when it is beneficial to use a non-recursive 
technique in which case the following relationships are used: 5 

k 

M= Z M/h' 1 mod p ( )w, mod n 



Hj= pj. and 

k is the number (3 or more) of distinct primes chosen to 15 
develop the product n. 

Thus, for example above (k=3 ). M is constructed from the 
returned sub-task values M A . M 2 . M 3 by the relationship 

M=M l (w 1 ~ l wod pi) H 1 mod/n+M 2 (K 2 ~ 1 mod p 2 ) K 2 mod n +M 3 (w 3 ~ 
imod p 3 ) H 3 mod n ^0 

where 

Employing the multiple distinct prime number technique 25 
of the present invention in the RSA scheme can realize 
accelerated processing over that using only two primes for 
the same size n. The invention can be implemented on a 
single processor unit or even the architecture disclosed in the 
above-referenced U.S. Pat. No. 4.405.829. The capability of 30 
developing sub-tasks for each prime number is particularly 
adapted to employing a parallel architecture such as that 
illustrated in FIG. 1. 

Turning to FIG. 1. there is illustrated a cryptosystem 
architecture apparatus capable of taking particular advan- 35 
tage of the present invention. The cryptosystem. designated 
with the reference numeral 10. is structured to form a part of 
a larger processing system (not shown) that would deliver to 
the cryptosystem 10 encryption and/or decryption requests, 
receiving in return the object of the request — an encrypted 40 
or decrypted value. The host would include a bus structure 
12. such as a peripheral component interface (PCI) bus for 
communicating with the cryptosystem 10. 

As FIG. 1 shows. The crypt oprocessor 10 includes a 
central processor unit (CPU) 14 that connects to the bus 45 
structure 12 by a bus interface 16, The CPU 14 comprises a 
processor element 20. a memory unit 22, and a data encryp- 
tion standard (DBS) unit 24 interconnected by a data/ address 
bus 26. The DES unit 24. in turn, connects to an input/output 
(I/O) bus 30 (through appropriate driver/receiver circuits — 50 
not shown). 

The I/O bus 30 communicatively connects the CPU to a 
number of exponentiator elements 32 fl . 32 6 . and 32,.. Shown 
here are three exponentiator elements, although as illustrated 
by the "other" exponentiators 32 rt . additional exponentiator 55 
elements can be added. Each exponentiator element is a state 
machine controlled arithmetic circuit structured specifically 
to implement the relationship described above. Thus, for 
example, the exponentiator 32a would be provided the 
values M t . e lt and p. n to develop C r Similarly, the 60 
exponentiator circuits 32b and 32c develop C 2 and C 3 from 
corresponding subtask values M 2 . e 2 . P 2 . M 3 . e_,. and P 3 . 

Preferably, the CPU 14 is formed on a single integrated 
circuit for security reasons. However, should there be a need 
for more storage space than can be provided by the "on- 65 
board" memory 22. the bus 30 may also connect the CPU 14 
to an external memory unit 34. 
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In order to ensure a secure environment, it is preferable 
that the cryptosystem 10 meet the Federal Information 
Protection System (FTPS) level 3. Accordingly, the elements 
that make up the CPU 14 would be implemented in a design 
5 that will be secure from external probing of the circuit. 
However, information communicated on the I/O bus 30 
between the CPU 14 and the exponentiator circuits 32 (and 
external memory 34 — if present) is exposed. Consequently, 
to maintain the security of that information, it is first 
encrypted* by the DES unit 24 before it is placed on the I/O 
bus 30 by the CPU 14. The exponentiator circuits 32. as well 
as the external memory 34. will also include similar DES 
units to decrypt information received from the CPU. and 
later to encrypt information returned to the CPU 14. 
It may be that not all information communicated on the 
15 I/O bus 30 need be secure by DES encryption. For that 
reason, the DES unit 24 of the CPU 14 is structured to 
encrypt outgoing information, and decrypt incoming 
information, on the basis of where in the address space used 
by the cryptosystem the information belongs; that is. since 
20 information communicated on the I/O bus 30 is either a write 
operation by the CPU 14 to the memory 34. or a read 
operation of those elements, the addresses assigned to the 
secure addresses and non-secure addresses. Read or write 
operations conducted by the CPU 14 using secure addresses 
25 will pass through the DES unit 24 and that of the memory 
34. Read or write operations involving non-secure addresses 
will by-pass these DES units. 

FIG. 2 diagrammatically illustrates a memory map 40 of 
the address space of the cryptosystem 10 that is addressable 
30 by the processor 20. As the memory map 40 shows, an 
address range 40 provides addresses for the memory 22. and 
such other support circuitry (e.g.. registers — not shown) that 
may form a part of the CPU 14. The addresses used to write 
information to, or read information from, the exponentiator 
35 elements 32 are in the address range 44 of the memory map 
40. The addresses for the external memory 34 are in the 
address ranges 46. and 48. The address ranges 44 and 46 are 
for secure read and write operations. Information that must 
be kept secure, such as instructions for implementing 
40 algorithms, encryption/decryption keys, and the like, if 
maintained in external memory 34, will be stored at loca- 
tions having addresses in the address range 46. Information 
that need not be secure such as miscellaneous algorithms 
data, general purpose instructions, etc. are kept in memory 
45 locations of the external memory 34 having addresses within 
the address range 48. 

The DES unit 24 is structured to recognize addresses in 
the memory spaces 44. 46. and to automatically encrypt the 
information before it is applied to the I/O bus 30. The DES 
50 unit 24 is bypassed when the processor 20 accesses 
addresses in the address range 48. Thus, when the processor 
20 initiates write operations to addresses within the memory 
space within the address range 46 (to the external memory 
34). the DES unit 24 will automatically encrypt the infor- 
55 mation (not the addresses) and place the encrypted infor- 
mation on the I/O bus 30. Conversely, when the processor 20 
reads information from the external memory 34 at addresses 
within the address range 46 of the external memory 34. the 
DES unit will decrypt information received from the I/O bus 
60 30 and place the decrypted information on the data/address 
bus 26 for the processor 20. 

In similar fashion, information conveyed to or retrieved 
from the exponentiators 32 by the processor 20 by write or 
read operations at addresses within the address range 44. 
65 Consequently, writes to the exponentiators 32 will use the 
DES unit 24 to encrypt the information. When that 
(encrypted) information is received by the exponentiators 
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32. it is decrypted by on-board DES units (of each expo- 
nentiate* 32). The results of the task performed by the 
exponentiator 32 is then encrypted by the exponentiator's 
on-board DES unit, retrieved by the processor 20 in 
encrypted form and then decrypted by the DES unit 24. 5 

Information that need not be maintained in secure fashion 
to be stored in the external memory 34. however, need only 
be written to addresses in the address range 48. The DES 
unit 24 recognizes writes to the address range 48, and 
bypasses the encryption circuitry, passing the information, in 10 
unencrypted form, onto the I/O bus 30 for storing in the 
external memory 34. Similarly, reads of the external 
memory 34 using addresses within the address range 48 are 
passed directly from the I/O bus 30 to the data/address bus 
26 by the DES unit 24. 15 

In operation, the CPU 14 will receive from the host it 
serves (not shown;, via the bus 12, an encryption request 
The encryption request will include the message data M to 
be encrypted and. perhaps, the encryption keys e and n (in 

the form of the primes p A , p 2 p*). Alternatively, the keys 20 

may be kept by the CPU 14 in the memory 22. In any event, 
the processor 20 will construct the encryption sub-tasks C x . 

C 2 C k f or execution by the exponentiators 32. 

Assume, for the purpose of the remainder of this 
discussion, that the encryption/decryption tasks performed 25 
by the cryptosystem 10. using the present invention, 
employs only three distinct primes, pj, p 2 . p 3 . The processor 
20 will develop the sub tasks identified above, using M. e. 
Pi P^ P3 Thus, for example, if the exponentiator 32a were 
assigned the sub-task of developing Q. the processor would 30 
develop the values M L . e x . and (p t -i) and deliver units 
(write) these values, with n. to the exponentiator 32a. 
Similar values will be developed by the processor 20 for the 
sub-tasks that will be delivered to the exponentiators 326 
and 32c. 35 

In turn, the exponentiators 32 develop the values C A . C 2 . 
and C 3 which are returned to (retrieved by) the CPU 14. The 
processor 20 will then combine the values C 2 . C : . and C 3 to 
form C. the ciphertext encryption of M. which is then 
returned to the host via the bus 12. 40 

The encryption, decryption techniques described 
hereinabove, and the use of the cryptosystem 10 (FIG. 1) can 
find use in a number of diverse environments. Illustrated in 
FIG. 3 is one such environment. FIG. 3 shows a host system 
50. including the bus 12 connected to a plurality of crypto- 45 1 

systems 10 f 10a. 10b 10m) structured as illustrated in 

FIG. 1. and described above. In turn, the host system 50 
connects to a communication medium 60 which could be, 
for example, an internet connection that is also used by a 
number of communicating stations 64. For example, the host 50 
system 50 may be employed by a financial institution 
running a web site accessible, through the communication 
medium, by the stations 64. Alternatively, the communica- 
tion medium may be implemented by a local area network 
CLAN) or other type network. Use of the invention described 55 
herein is not limited to the particular environment in which 
it is used, and the illustration in FIG. 3 is not meant to limit 
in any way how the invention can be used. 

As an example, the host system, as indicated, may receive 
encrypted communication from the stations 64. via the 60 
communication medium 60. Typically, the data of the com- 
munication will be encrypted using DES. and the DES key 
will be encrypted using a public key by the RSA scheme, 
preferably one that employs three or more distinct prime 
numbers for developing the public and private keys. 65 

Continuing, die DES encrypted communication, includ- 
ing the DES key encrypted with the RSA scheme, would be 
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received by the host system. Before decrypting the DES 
communication, it must obtain the DES key and, 
accordingly, the host system 50 will issue, to one of the 
cryptosys terns 10 a decryption request instruction, contain- 
5 ing the encrypted DES key as the cyphertext C. If the 
(private) decryption keys, d, n (and its component primes. 

p : , p 2 pj are not held by the cryptosystem 10. they also 

will be delivered with the encryption request instruction. 
In turn, the cryptosystem 10 would decrypt the received 
10 cyphertext in the manner described above (developing the 
sub-tasks, issuing the sub-tasks to the exponentiator 32 of 
the cryptosystem 10. and reassembling the results of the 
sub-task to develop the message data: the DES key), and 
return to the host system the desired, decrypted information. 
15 Alternatively, the post-system 50 may desire to deliver, 
via the communication medium 60, an encrypted commu- 
nication to one of the stations 64, If the communication is to 
be encrypted by the DES scheme, with the DES key 
encrypted by the RSA scheme, the host system would 
20 encrypt the communication, forward the DES key to one of 
the cryptosystems 10 for encryption via the RSA scheme. 
When the encrypted DES key is received back from the 
cryptosystem 10, the host system can then deliver to one or 
more of the stations 64 the encrypted message. 
25 Of course, the host system 50 and the stations 64 will be 
using the RSA scheme of public key encryption/decryption. 
Encrypted communications from the stations 64 to the host 
system 50 require that the stations 64 have access to the 
public key E (E. N) while the host system maintains the 

30 private key D (D. N. and the constituent primes. p A . p 2 

pj. Conversely, for secure communication from the host 
system 50 to one or more of the stations 64, the host system 
would retain a public key E' for each station 64. while the 
stations retain the corresponding private keys E\ 
35 Other techniques for encrypting the communication could 
used. For example, the communication could be entirely 
encrypted by the RSA scheme. If. however, the communi- 
cation greater than n-1. it will need to be broken up into 
blocks size M where 

40 

o^v/^v-i 

Each block M would be separately encrypted/decryptecL 
using the public key/private key RSA scheme according to 
that described above. 
45 What is claimed: 

1. A method for establishing cryptographic communica- 
tions comprising the step of: 

encoding a plaintext message word M to a ciphertext 
word signal C, where M corresponds to a number 
50 representative of a message and 

0§A/^n-l 

n being a composite number formed from the product 
55 of pt P 2 -- - - -pjt where k is an integer greater than 2. p : . 
p 2 . . . . p* are distinct prime numbers, and where C is 
a number representative of an encoded form of message 
word M. wherein said encoding step comprises the step 
of: 

60 transforming said message word signal M to said cipher- 
text word signal C whereby 

C-M*\ mod n > 

65 where e is a number relatively prime to (pi-l)*(p 2 -l)- 
2. The method according to claim L comprising the 
further step of: 
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decoding the ciphertext word signal C to the message - 
word signal M. wherein said decoding step comprises 
the step of: transforming said ciphertext word signal C. 
whereby: 

5 

M=C e '(mod n) 

where d is a multiplicative inverse of e(mod(lcm((p x - 

1). (P2-D (P*-l«)). 

3. A method for transferring a message signal M, in a io ■ 
communications system having j terminals, wherein each 
terminal is characterized by an eacodmg key E-^e,. n t ) and 

decoding key D,-(d,. n,). where i=l, 2 j. and wherein 

M, corresponds to a number representative of a message- 
to-be-transmitted from the i Th terminal, n, is a composite 15 
number of the form j 

"r^j'Po-. 'Pa 

where k is an integer greater than 2, 2 o 

p, r p 0 p iJt are distinct prime numbers. 

e, is relatively prime to lcm(p til -L p li2 -l. P,>"1) d, is 
selected from the group consisting of the class of 
numbers equivalent to a multiplicative inverse of 

25 

e/modCfcnif(p u -I). (p lC -l) <PurU)))< 

comprising the step of: 

encoding a digital message word signal for transmis- 
sion from a first terminal (i=A) to a second terminal 30 
(i=B). said encoding step including the sub- step of: 

transforming said message word signal M A to one or more 
message block word signals M^". each block word 
signal M/' corresponding to a number representative of ^ 
a portion of said message word signal in the range 

transforming each of said message block word signals 
M A " to a ciphertext word signal C A > C A corresponding 
to a number representative of an encoded form of said ^ 
message block word signal M/'. whereby: 

C A sM A "* B (axxi 

4. A cryptographic communications system comprising: 
a communication medium: 

an encoding means coupled to said channel and adapted 
for transforming a transmit message word signal M to 
a ciphertext word signal C and for transmitting C on 
said channel, where M corresponds to a number rep- sg 
resentative of a message and 

0=M^d-1 where n is a composite number of the form 

n =Pl'Pl • Pk 

55 

where k is an integer greater than 2 and p,. p 2 p k are 

distinct prime numbers, and where C corresponds to a 
number representative of an enciphered form of said mes- 
sage and corresponds to 

60 

C^Af < rood n t 

where e is a number relatively prime to lcm(p i -l. p 2 -l 

p^— 1 ; : and 

a decoding means coupled to said channel and adapted for 65 
receiving C from said channel and for transforming C 
to a receive message word signal M* where M' corre- 
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sponds to a number representative of a deciphered form 
of C and corresponds to 

WsCVmod n) 

5 where d is selected from the group consisting of the class of 
numbers equivalent to a multiplicative inverse of 



*tmodacro((p,-I), (p 2 -l\ Q> k -1')))). 

5, A cryptographic communications system having a 
plurality of terminals coupled by a communications channel, 
including a first terminal characterized by an associated 
encoding key E^e,,. n^) and decoding key D A =(d^. n A ). 
wherein n^ is a composite number of the form 

where k is an integer greater than 2, p A d . p A2 p^ ± are 

distinct prime numbers. e A is relatively prime to 

lcmO^-i. p Aa ~i p AJ ri\ 

d A is selected from the group consisting of the class of 
numbers equivalent to a multiplicative inverse of 

^(mod(lcm((p AJ -l), (p Aj -i) (p A 

and including a second terminal, comprising: 
blocking means for transforming a message-to-be- 
transmitted from said second terminal to said first 
terminal to one or more transmit message word signals 
where corresponds to a number representative 
of said message in the range 

encoding means coupled to said channel and adapted for 
transforming each transmit message word signal to 
a ciphertext word signal C B and for transmitting C B on 
said channel. 

where C B corresponds to a number representative of an 
enciphered form of said message and corresponds to 

<V=AV(mod n A ) 

45 wherein said first terminal comprises: 

decoding means coupled to said channel and adapted for 
receiving said ciphertext word signals C B from said 
channel and for transforming each of said ciphertext 
word signals to a receive message word signal M B . and 

5G means for transforming said receive message word 
signals M' to said message, where M* is a number 
representative of a deciphered form of C B and corre- 
sponds to 

55 M B '=C B ^(u^d n A ). 

6. The system according to claim 5 wherein said second 
terminal is characterized by an associated encoding key 
Etf=(e^ n^; and decoding key DB~(D B . d B ). where: 

60 

n s is a composite number of ihe form 
n B^PB.\ Pb.i' Pbj. 

where k is an integer greater than 2. p Bl * p B2 Psk 

65 are distinct prime numbers. t B is relatively prime to 
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d B is selected from the group consisting of the class of 
numbers equivalent to a multiplicative inverse of 

5 

wherein said first terminal comprises: 

blocking means for transforming a message-to-be- 
transmitted from said first terminal to said second 
terminal, to one or more transmit message word 
signals M A . where corresponds to a number 10 * 
representative of said message in the range 

0£M/*(mod n B ) 

encoding means coupled to said channel and adapted 15 
for transforming each transmit message word signal 

to a ciphertext word signal C A and for transmit- i 
ting C A on said channel. J 

where C A corresponds to a number representative of an j 
enciphered form of said message and corresponds to 20 * 

wherein said second terminal comprises; 

decoding means coupled to said channel and adapted 2 j 
for receiving said ciphertext word signals C A from 
said channel and for transforming each of said 
ciphertext word signals to a receive message word 
signal M A \ and means for transforming said receive 
message word signals M A to said message, 30 

where M* corresponds to a number representative of a 
deciphered form of C and corresponds to 

7. A method for establishing cryptographic communica- 35 
tions comprising the step of: 

encoding a digital message word signal M to a cipher text 
word signal C where M corresponds to a number 
representative of a message and ^ 

where n is a composite number having at least 3 whole 

number factors greater than one. the factors being 45 

distinct prime numbers, and 
where C corresponds to a number representative of an 

encoded form of message word M. 
wherein said encoding step comprises the step of: 

transforming said message word signal M to said 50 
ciphertext word signal C whereby 

where e and a tf . a^ zlq are numbers. 55 

8. In the method according to claim 7 where said encoding 
step includes the step of transforming M to C by the 
performance of a first ordered succession of invertible 
operations on M. the further step of: 

decoding C to M by the performance of a second ordered 60 
succession of invertible operations on C. where each of 
the invertible operations of said second succession is 
the inverse of a corresponding one of said first 
succession, and wherein the order of said operations in 
said second succession is reversed with respect to the 65 
order of corresponding operations in said first succes- 
sion. 
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9. A communication system for transferring message 
signals M t . comprising: 
j stations*, each of the j stations being characterized by an 
encoding key E=(t r n t ) and decoding key D,^(d t . n t > , 
5 where i=1.2. . . . .j. and wherein 

M, corresponds to a number representative of a mes- 
sage signal to be transmitted from the i th terminal, 
and 



10 QZMtZnrU 

n, is a composite number of the form 

15 where k is an integer greater than 2. 

p ia . p t 2 p (jt are distinct prime numbers. 

e ( is relatively prime to lcm(p ; i-l.p t ->-l 

Pa-l). 

d, is selected from the group consisting of the class 
10 of numbers equivalent to a multiplicative inverse 

of 



^/mcd(lcm(0^-l), (p^-l), . . . , Cu-l)))* 

25 a first one of the j terminals including 

means for encoding a digital message word signal 
M A for transmission from said first terminal 
(i=A) to a second one of the j terminals (i=B). 
and 

30 means for transforming said message word signal 

M A to a signed message word signal M Ax . M AJ 
corresponding to a number representative of an 
encoded form of said message word signal M A . 
whereby: 

35 

10. The system of claim 9 further comprising: 
means for transmitting said signal message word signal 

from said first terminal to said second terminal, 
and wherein said second terminal includes means for 
decoding said signed message word signal to said 
message word signal M A . said second terminal includ- 
ing: 

means for transforming said signed message word 
signal M AS to said message word signal M^. 
whereby 

11. A communications system for transferring a message 
signal M,. the communications system comprising 

j communication stations each characterized by an encod- 
ing key E x — (e t , nj and decoding key D=(d,. n,), where 

i=l. 2 j. and wherein M, corresponds to a number 

representative of a message signal to be transmitted 
from the I th terminal, n, is a composite number of the 
form 



40 



45 



60 

where 

k is an integer greater than 2. 

p ia . p, 2 p t k are distinct prime numbers. 

65 e, is relatively prime to icm^ ^-Lp, . . .p Jjt -i). 
d, is selected from the group consisting of the class of 
numbers equivalent to a multiplicative inverse of 
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a first one of the j communication stations including 
means for encoding a digital message word signal 

for transmission from said first one of the j corarau- 5 
nication stations (i-A) to a second one of the j 
communication stations (i=B). 
means for transforming said message word signal M A 
to one or more message block word signals M A '\ 
each block word signal M/ being a number repre- 10 
sentative of a portion of said message word signal 
M A ' in the range O^M^n^-l. and 
means for transforming each of said message block 
word signals M/' to a ciphertext word signal C A * C A 
corresponding to a number representative of an 15 
encoded form of said message block word signal 
M^". whereby: 

CjsM/^ivooA n B ). 

20 

12. The system of claim 11 further comprising: 

means for transmitting said ciphertext word signals from 
said first terminal to said second terminal, and 

wherein said second terminal includes means for decod- 
ing said ciphertext word signals to said message word 25 
signal MA. said second terminal including: 

means for transforming each of said ciphertext word 
signals C A to one of said message block 

word signals M^". whereby 
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M A "sC A M (jaod n B ) 



means for transforming said message block word signals 
5 M A " to said message word signal M^. 

13. In a communications system, including first and 
second communicating stations interconnected for commu- 
nication therebetween. 

the first communicating station having 
io encoding means for transforming a transmit message 
word signal M to a ciphertext word signal C where 
M corresponds to a number representative of a 
message and 

15 O^M^n-l 

where n is a composite number having at least 3 whole 
number factors greater than one. the factors being 
distinct prime numbers, and 
20 where C corresponds to a number representative of an 
enciphered form of said message and corresponds to 

25 where e and a tf . a ff -l ao are numbers: and 

means for transmitting the ciphertext word signal C 
to the second communicating station. 



